Lucene search

K

[email protected]NVD:CVE-2023-41105

HistoryAug 23, 2023 - 7:15 a.m.

CVE-2023-41105

2023-08-2307:15:08

CWE-426

[email protected]

web.nvd.nist.gov

1

python

security

path truncation

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

An issue was discovered in Python 3.11 through 3.11.4. If a path containing ‘\0’ bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first ‘\0’ byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Affected configurations

NVD

Node

pythonpythonRange3.11.0–3.11.4

Node

netappactive_iq_unified_managerMatch-windows

References

github.com/python/cpython/issues/106242

github.com/python/cpython/pull/107981

github.com/python/cpython/pull/107982

github.com/python/cpython/pull/107983

mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/

security.netapp.com/advisory/ntap-20231006-0015/

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

HIGH

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

7.4 High

AI Score

Confidence

High

0.001 Low

EPSS

Percentile

23.0%

Related for NVD:CVE-2023-41105

nessus13 osv5 f51 ubuntucve1 veracode1 openvas6 ubuntu1 githubexploit2 prion1 debiancve1 cvelist1 redhatcve1 cve1 redhat2 oraclelinux2 almalinux2 jvn1 ibm4 gentoo1 photon1 oracle2