CVE-2023-41105

HIGH

Python 3.11.0-3.11.4 - Untrusted Search Path via os.path.normpath()


Exploitation Summary

EIP tracks 1 public exploit for CVE-2023-41105. PoCs published by JawadPy.

AI-analyzed exploit summary: The repository contains functional exploit code for multiple CVEs, including CVE-2023-41105, which demonstrates a path normalization vulnerability in Python's os.path.normpath() function. The PoC shows how a null byte can truncate paths unexpectedly, potentially leading to security issues in applications relying on this function.

Description

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
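The ordering problem the description implies, as an added example that is not part of this record or the referenced PoC: a NUL check that runs on the output of normpath() stops rejecting once normpath() truncates, while a check on the raw input does not depend on the interpreter. `modelled_affected_normpath` is a hypothetical stand-in for the 3.11.0-3.11.4 behaviour so the code runs the same on any interpreter, and the sample name is constructed.

```python
import posixpath  # os.path on POSIX; used directly so results match on any OS
import sys

# Constructed sample input, not taken from the advisory or the PoC.
SAMPLE = "data/report.txt\0trailing"


def interpreter_is_affected(version_info=sys.version_info):
    """True for the range the advisory gives: Python 3.11.0 through 3.11.4."""
    return (3, 11, 0) <= tuple(version_info[:3]) <= (3, 11, 4)


def modelled_affected_normpath(path):
    """Hypothetical stand-in for normpath() on an affected interpreter:
    truncate at the first NUL, then normalise what is left."""
    return posixpath.normpath(path.split("\0", 1)[0])


def check_after_normalise(name, normpath=posixpath.normpath):
    """Fragile ordering: the NUL check only sees normpath()'s output."""
    cleaned = normpath(name)
    if "\0" in cleaned:
        raise ValueError("NUL byte in filename")
    return cleaned


def check_before_normalise(name, normpath=posixpath.normpath):
    """Robust ordering: reject on the raw input, whatever normpath() does."""
    if "\0" in name:
        raise ValueError("NUL byte in filename")
    return normpath(name)


if __name__ == "__main__":
    print("interpreter in affected range:", interpreter_is_affected())
    # With truncating behaviour the late check accepts the name silently.
    print(repr(check_after_normalise(SAMPLE, modelled_affected_normpath)))
    try:
        check_before_normalise(SAMPLE, modelled_affected_normpath)
    except ValueError as exc:
        print("rejected before normalisation:", exc)
```

`interpreter_is_affected()` can gate a startup warning or a CI check for hosts still inside the affected range.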

Exploits (1)

GitHub · Working PoC · 1 star
by JawadPy · python · poc
https://github.com/JawadPy/CVE-Exploit-Collection/tree/main/CVE-2023-41105-Exploit


Classification: Working PoC 90%
Attack Type: Other
Complexity: Trivial
Reliability: Reliable
Target: Python 3.11 through 3.11.4
No auth needed
Prerequisites: Python 3.11 through 3.11.4
devstral-2 · analyzed Feb 27, 2026

Scores

CVSS v3 7.5
EPSS 0.0219
EPSS Percentile 80.0%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE CWE-426
Status published
Products (2)
netapp/active_iq_unified_manager
python/python 3.11.0 - 3.11.4
Published Aug 23, 2023
Tracked Since Feb 18, 2026