CVE-2023-41105
HIGH
Python <3.11.4 - Info Disclosure
Title source: llm
Description
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Exploits (1)
github
WORKING POC
1 star
by JawadPy · pythonpoc
https://github.com/JawadPy/CVE-Exploit-Collection/tree/main/CVE-2023-41105-Exploit
References (6)
Scores
CVSS v3
7.5
EPSS
0.0036
EPSS Percentile
58.4%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
Details
CWE
CWE-426
Status
published
Products (2)
netapp/active_iq_unified_manager
python/python
3.11.0 - 3.11.4
Published
Aug 23, 2023
Tracked Since
Feb 18, 2026