CVE-2023-41105

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2023-41105
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41105.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2023-41105
Aliases
Downstream
Related
Published
2023-08-23T00:00:00Z
Modified
2026-06-18T03:56:50.370910118Z
Summary
[none]
Details

An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.

Database specific 
{
    "osv_generated_from": "https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/41xxx/CVE-2023-41105.json",
    "cna_assigner": "mitre"
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
deaf509e8fc6e0363bd6f26d52ad42f976ec42f2
Fixed
d2340ef25721b6a72d45d4508c672c4be38c67d3
Database specific 
{
    "extracted_events": [
        {
            "introduced": "3.11"
        },
        {
            "fixed": "3.11.4"
        },
        {
            "introduced": "3.11.0"
        },
        {
            "last_affected": "3.11.4"
        }
    ],
    "source": [
        "DESCRIPTION",
        "CPE_RANGE"
    ],
    "cpe": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*"
}

Database specific

source 
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-41105.json"