CVE-2023-41105

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Aug 23, 2023
Updated: Nov 7, 2023
CWE ID 426

Summary

CVE-2023-41105 is a vulnerability affecting Python 3.11 through 3.11.4. The issue arises when the os.path.normpath() function is passed a path containing '\0' bytes. Instead of rejecting the filename for security reasons, as previous versions of Python would have done, the function unexpectedly truncates the path at the first '\0' byte. This could lead to unintended directory traversal or other security issues in applications that rely on this function. Users are advised to upgrade to Python 3.11.5, which contains a fix for this vulnerability.
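The following is an added example, not code from the Python project or from this advisory: it probes whether the running interpreter's os.path.normpath() truncates at a '\0' byte, and shows a path check that rejects '\0' before normalising so its result does not depend on the interpreter version. The names resolve_under and audit, the "uploads" base directory and the sample paths are assumptions made for illustration, and only str paths are handled.

```python
import os

# Constructed sample inputs; "uploads" is a hypothetical base directory.
SAMPLES = ["docs/readme.txt", "../outside.txt", "docs/readme.txt\0ignored"]


def normpath_truncates_at_nul() -> bool:
    """Probe the running interpreter for the truncation described above."""
    probe = "a\0b"
    # A fixed interpreter returns the probe unchanged; an affected one
    # returns only the part before the NUL byte.
    return os.path.normpath(probe) != probe


def resolve_under(base: str, user_path: str) -> str:
    """Return user_path resolved inside base, or raise ValueError."""
    # Reject NUL before any normalisation, so the outcome does not depend
    # on how this interpreter's normpath() treats it.
    if "\0" in user_path:
        raise ValueError("NUL byte in path")
    base = os.path.abspath(base)
    candidate = os.path.normpath(os.path.join(base, user_path))
    # The normalised path must still sit under the base directory.
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    return candidate


def audit(base: str, samples: list[str]) -> list[str]:
    """Return 'ok' or the rejection reason for each sample, in order."""
    verdicts = []
    for sample in samples:
        try:
            resolve_under(base, sample)
            verdicts.append("ok")
        except ValueError as exc:
            verdicts.append(str(exc))
    return verdicts


if __name__ == "__main__":
    print("normpath truncates at NUL:", normpath_truncates_at_nul())
    for sample, verdict in zip(SAMPLES, audit("uploads", SAMPLES)):
        print(repr(sample), "->", verdict)
```

Validation that runs only on the output of normpath() never sees the discarded suffix on an affected interpreter, which is why the NUL check comes first here.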


Affected Products

  • Python

Affected Vendors

  • Python Software Foundation
  • NetApp