OpenCVE

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact High

Availability Impact None

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Netapp	Active Iq Unified Manager
Python	Python
Redhat	Enterprise Linux

Configuration 1 [-]

cpe:2.3:a:python:python:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*

Package	CPE	Advisory	Released Date
Red Hat Enterprise Linux 8
python3.11-0:3.11.5-1.el8_9	cpe:/a:redhat:enterprise_linux:8	RHSA-2023:7024	2023-11-14T00:00:00Z
Red Hat Enterprise Linux 9
python3.11-0:3.11.5-1.el9_3	cpe:/a:redhat:enterprise_linux:9	RHSA-2023:6494	2023-11-07T00:00:00Z

References

Link	Providers
https://github.com/python/cpython/issues/106242
https://github.com/python/cpython/pull/107981
https://github.com/python/cpython/pull/107982
https://github.com/python/cpython/pull/107983
https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
https://nvd.nist.gov/vuln/detail/CVE-2023-41105
https://security.netapp.com/advisory/ntap-20231006-0015/
https://www.cve.org/CVERecord?id=CVE-2023-41105

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2023-08-23T00:00:00

Updated: 2024-10-03T14:04:01.955Z

Reserved: 2023-08-23T00:00:00

Link: CVE-2023-41105

Vulnrichment

No data.

NVD

Status : Modified

Published: 2023-08-23T07:15:08.590

Modified: 2023-11-07T04:20:53.350

Link: CVE-2023-41105

Redhat

Severity : Moderate

Publid Date: 2023-08-23T00:00:00Z

Links: CVE-2023-41105 - Bugzilla

{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2023-41105", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-10-03T14:04:01.955Z", "dateReserved": "2023-08-23T00:00:00", "datePublished": "2023-08-23T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2023-10-06T14:06:42.352881"}, "descriptions": [{"lang": "en", "value": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://github.com/python/cpython/issues/106242"}, {"url": "https://github.com/python/cpython/pull/107983"}, {"url": "https://github.com/python/cpython/pull/107981"}, {"url": "https://github.com/python/cpython/pull/107982"}, {"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0015/"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-02T18:54:02.969Z"}, "title": "CVE Program Container", "references": [{"url": "https://github.com/python/cpython/issues/106242", "tags": ["x_transferred"]}, {"url": "https://github.com/python/cpython/pull/107983", "tags": ["x_transferred"]}, {"url": "https://github.com/python/cpython/pull/107981", "tags": ["x_transferred"]}, {"url": "https://github.com/python/cpython/pull/107982", "tags": ["x_transferred"]}, {"url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/", "tags": ["x_transferred"]}, {"url": "https://security.netapp.com/advisory/ntap-20231006-0015/", "tags": ["x_transferred"]}]}, {"affected": [{"vendor": "python", "product": "python", "cpes": ["cpe:2.3:a:python:python:-:*:*:*:*:*:*:*"], "defaultStatus": "unknown", "versions": [{"version": "3.11", "status": "affected", "lessThanOrEqual": "3.11.4", "versionType": "custom"}]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2024-10-03T14:01:12.902677Z", "id": "CVE-2023-41105", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-10-03T14:04:01.955Z"}}]}}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "445B042E-9410-42E8-8749-A5EAEF2FF93D", "versionEndIncluding": "3.11.4", "versionStartIncluding": "3.11.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*", "matchCriteriaId": "B55E8D50-99B4-47EC-86F9-699B67D473CE", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x."}], "id": "CVE-2023-41105", "lastModified": "2023-11-07T04:20:53.350", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2023-08-23T07:15:08.590", "references": [{"source": "cve@mitre.org", "tags": ["Issue Tracking", "Patch"], "url": "https://github.com/python/cpython/issues/106242"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/python/cpython/pull/107981"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/python/cpython/pull/107982"}, {"source": "cve@mitre.org", "tags": ["Patch"], "url": "https://github.com/python/cpython/pull/107983"}, {"source": "cve@mitre.org", "url": "https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory"], "url": "https://security.netapp.com/advisory/ntap-20231006-0015/"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-426"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:7024", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3.11-0:3.11.5-1.el8_9", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-11-14T00:00:00Z"}, {"advisory": "RHSA-2023:6494", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.11-0:3.11.5-1.el9_3", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2023-11-07T00:00:00Z"}], "bugzilla": {"description": "python: file path truncation at \\0 characters", "id": "2235795", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2235795"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N", "status": "verified"}, "cwe": "CWE-158", "details": ["An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.", "Python 3.11 os.path.normpath() function is vulnerable to path truncation if a null byte is inserted in the middle of passed path. This may result in bypass of allow lists if implemented before the verification of the path."], "name": "CVE-2023-41105", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python27:2.7/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python39:3.9/python39", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:9", "fix_state": "Not affected", "package_name": "python3.9", "product_name": "Red Hat Enterprise Linux 9"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Not affected", "package_name": "rh-python38-python", "product_name": "Red Hat Software Collections"}], "public_date": "2023-08-23T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2023-41105\nhttps://nvd.nist.gov/vuln/detail/CVE-2023-41105\nhttps://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/"], "statement": "Python versions prior to 3.11.0 are not affected by this flaw.", "threat_severity": "Moderate", "upstream_fix": "Pyhton 3.11.5"}