Unknown · SharpCompress · CVE-2026-44788
**Name of the Vulnerable Software and Affected Versions**
SharpCompress (affected versions not specified)
**Description**
A path traversal issue exists in the `IArchive.WriteToDirectory()` method, specifically within the `WriteToDirectoryInternal()` and `WriteToDirectoryAsyncInternal()` functions. This allows a malicious archive to create directories outside the intended extraction root because the software fails to perform path normalization or bounds checks before calling `Directory.CreateDirectory`. This affects ZIP and non-solid TAR archive formats.
For TAR archives, this can be escalated to arbitrary file writes if the caller provides a `SymbolicLinkHandler`. An attacker can use a symlink entry to point outside the extraction root; subsequent file entries targeting that symlink will be written to the external location, as the library does not validate the `linkTarget` variable before passing it to the handler.
**Recommendations**
Apply path normalization using `Path.GetFullPath()` and verify that the resulting path starts with the destination directory before calling `Directory.CreateDirectory()` in the `WriteToDirectoryInternal()` and `WriteToDirectoryAsyncInternal()` functions.
Validate the `linkTarget` variable before invoking the `SymbolicLinkHandler` or restrict the use of the `SymbolicLinkHandler` when processing untrusted TAR archives.
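
The two checks recommended above can be sketched as follows. This is an added example, not SharpCompress code or its fix: `ExtractionGuard`, its methods and the sample entry names are hypothetical. It compares against the root with a trailing separator appended, so a sibling directory whose name merely begins with the root's name does not pass the "starts with" test.

```csharp
using System;
using System.IO;

static class ExtractionGuard // hypothetical helper, not a SharpCompress type
{
    // Assumption: Windows paths compare case-insensitively, others case-sensitively.
    static readonly StringComparison Cmp = Path.DirectorySeparatorChar == '\\'
        ? StringComparison.OrdinalIgnoreCase : StringComparison.Ordinal;

    // Normalized root with exactly one trailing separator.
    static string RootPrefix(string root) =>
        Path.GetFullPath(root).TrimEnd(Path.DirectorySeparatorChar, Path.AltDirectorySeparatorChar)
        + Path.DirectorySeparatorChar;

    public static bool IsInside(string root, string fullPath) =>
        (fullPath + Path.DirectorySeparatorChar).StartsWith(RootPrefix(root), Cmp);

    // Normalize the entry path and bounds-check it before any directory or file is created.
    public static string ResolveEntry(string root, string entryKey)
    {
        string full = Path.GetFullPath(Path.Combine(root, entryKey));
        if (!IsInside(root, full))
            throw new InvalidOperationException($"Entry escapes extraction root: {entryKey}");
        return full;
    }

    // A relative link target is resolved against the directory that holds the link.
    public static bool IsLinkTargetInside(string root, string linkFullPath, string linkTarget)
    {
        string baseDir = Path.GetDirectoryName(linkFullPath) ?? root;
        return IsInside(root, Path.GetFullPath(Path.Combine(baseDir, linkTarget)));
    }
}

static class Demo
{
    static void Main()
    {
        string root = Path.Combine(Path.GetTempPath(), "extract-root");
        // Constructed entry names for illustration, not taken from a real archive.
        foreach (string key in new[] { "docs/readme.txt", "../outside-dir/", "docs/../../escape" })
        {
            try { Console.WriteLine("ok      " + ExtractionGuard.ResolveEntry(root, key)); }
            catch (InvalidOperationException e) { Console.WriteLine("blocked " + e.Message); }
        }
        string link = ExtractionGuard.ResolveEntry(root, "docs/link");
        Console.WriteLine(ExtractionGuard.IsLinkTargetInside(root, link, "../shared"));
        Console.WriteLine(ExtractionGuard.IsLinkTargetInside(root, link, "../../other"));
    }
}
```

`Path.GetFullPath()` normalizes lexically and does not resolve links that already exist on disk, so the link-target check has to run before the `SymbolicLinkHandler` creates anything.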