High severity7.5NVD Advisory· Published Aug 23, 2023· Updated Jun 17, 2026
CVE-2023-41105
CVE-2023-41105
Description
An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Affected products
34(expand)+ 1 more
- (no CPE)
- (no CPE)range: 3.11 - 3.11.4
- osv-coords32 versionspkg:bitnami/libpythonpkg:bitnami/pythonpkg:bitnami/python-minpkg:rpm/almalinux/python3.11pkg:rpm/almalinux/python3.11-debugpkg:rpm/almalinux/python3.11-develpkg:rpm/almalinux/python3.11-idlepkg:rpm/almalinux/python3.11-libspkg:rpm/almalinux/python3.11-rpm-macrospkg:rpm/almalinux/python3.11-testpkg:rpm/almalinux/python3.11-tkinterpkg:rpm/opensuse/python311-core&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python311-core&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python311&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python311&distro=openSUSE%20Leap%2015.5pkg:rpm/opensuse/python311&distro=openSUSE%20Tumbleweedpkg:rpm/opensuse/python311-documentation&distro=openSUSE%20Leap%2015.4pkg:rpm/opensuse/python311-documentation&distro=openSUSE%20Leap%2015.5pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP4pkg:rpm/suse/python311-core&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP4pkg:rpm/suse/python311&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5pkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP4pkg:rpm/suse/python311-documentation&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Python%203%2015%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python3-base&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Module%20for%20Web%20and%20Scripting%2012pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Server%20for%20SAP%20Applications%2012%20SP5pkg:rpm/suse/python3&distro=SUSE%20Linux%20Enterprise%20Software%20Development%20Kit%2012%20SP5
>= 3.11.0, < 3.11.5+ 31 more
- (no CPE)range: >= 3.11.0, < 3.11.5
- (no CPE)range: >= 3.11.0, < 3.11.5
- (no CPE)range: >= 3.11.0, < 3.11.5
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-1.el8_9
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-1.el9_3
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.1
- (no CPE)range: < 3.11.5-150400.9.20.1
- (no CPE)range: < 3.11.5-2.1
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.1
- (no CPE)range: < 3.11.5-150400.9.20.1
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.11.5-150400.9.20.2
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
- (no CPE)range: < 3.4.10-25.116.1
Patches
Vulnerability mechanics
References
6- github.com/python/cpython/issues/106242nvdIssue TrackingPatch
- github.com/python/cpython/pull/107981nvdPatch
- github.com/python/cpython/pull/107982nvdPatch
- github.com/python/cpython/pull/107983nvdPatch
- security.netapp.com/advisory/ntap-20231006-0015/nvdThird Party Advisory
- mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/nvd
News mentions
0No linked articles in our index yet.