CVE-2023-41105 : An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0'

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Published 2023-08-23 07:15:09

Updated 2023-11-01 15:02:01

Source MITRE

View at NVD, CVE.org

Vulnerability category: File inclusion

Products affected by CVE-2023-41105

Netapp » Active Iq Unified Manager » Version: N/A For Windows
cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
Matching versions
Python » Python
Versions from including (>=) 3.11.0 and up to, including, (<=) 3.11.4
cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
Matching versions

Exploit prediction scoring system (EPSS) score for CVE-2023-41105

EPSS FAQ

0.17%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 40 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2023-41105

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
7.5	HIGH	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N	3.9	3.6	NIST
Attack Vector: Network Attack Complexity: Low Privileges Required: None User Interaction: None Scope: Unchanged Confidentiality: None Integrity: High Availability: None

CWE ids for CVE-2023-41105

CWE-426 Untrusted Search Path

The product searches for critical resources using an externally-supplied search path that can point to resources that are not under the product's direct control.

Assigned by: nvd@nist.gov (Primary)

References for CVE-2023-41105

https://github.com/python/cpython/issues/106242

os.path.normpath truncates input on null bytes in 3.11, but not 3.10 · Issue #106242 · python/cpython · GitHub
Issue Tracking;Patch

CVEs referencing this url
https://security.netapp.com/advisory/ntap-20231006-0015/

CVE-2023-41105 Python Vulnerability in NetApp Products | NetApp Product Security
Third Party Advisory
https://github.com/python/cpython/pull/107981

[3.12] gh-106242: Fix path truncation in os.path.normpath (GH-106816) by zooba · Pull Request #107981 · python/cpython · GitHub
Patch
https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/

Mailman 3 [CVE-2023-41105] os.path.normpath() truncates on null bytes - Security-announce - python.org
Mailing List;Patch;Vendor Advisory
https://github.com/python/cpython/pull/107982

[3.11] gh-106242: Fix path truncation in os.path.normpath (GH-106816) by zooba · Pull Request #107982 · python/cpython · GitHub
Patch
https://github.com/python/cpython/pull/107983

gh-106242: Minor fixup to avoid compiler warnings by zooba · Pull Request #107983 · python/cpython · GitHub
Patch

Jump to

Vulnerability Details : CVE-2023-41105

Products affected by CVE-2023-41105

Exploit prediction scoring system (EPSS) score for CVE-2023-41105

CVSS scores for CVE-2023-41105

CWE ids for CVE-2023-41105

References for CVE-2023-41105