PT-2023-9652 · Python+7
Delta Regeer +2 · Published 2023-07-11 · Updated 2025-08-11
CVE-2023-41105
CVSS v2.0: 7.8 (High)
| Vector | AV:N/AC:L/Au:N/C:N/I:C/A:N |
Name of the Vulnerable Software and Affected Versions
Python versions 3.11 through 3.11.4
Description
The issue is related to the os.path.normpath() function, which unexpectedly truncates a path at the first '\0' (null) byte if such bytes are present in the path. This could lead to security issues, as filenames that would have been rejected for security reasons in earlier Python versions may no longer be rejected in Python 3.11.x. The vulnerability can be exploited by inserting null bytes into a path, potentially allowing a remote attacker to compromise the integrity of protected information. There are plausible cases where an application's allowlisting can be circumvented if a path with null bytes is constructed to pass the allowlist but refers to a different resource after truncation.

Recommendations

For Python versions 3.11 through 3.11.4, consider avoiding the use of the os.path.normpath() function with paths that may contain null bytes until a patch is available. As a temporary workaround, validate and sanitize paths before passing them to os.path.normpath() to prevent unexpected truncation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit
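The sanitization step recommended above, as an added example that is not part of this advisory: a wrapper that rejects any path carrying a NUL byte before normalisation, an allowlist check built on it, and a probe that reports whether the running interpreter's normpath() truncates at NUL. The allowlist entries, sample paths and helper names are constructed for illustration.

```python
import os
import posixpath

# Constructed allowlist of resources an application might permit.
ALLOWED = frozenset({"reports/summary.txt", "reports/2023.csv"})


def safe_normpath(path: str) -> str:
    """Normalise a path only after rejecting embedded NUL bytes.

    Filesystem APIs cannot represent a NUL inside a name, so a path
    carrying one is either malformed or crafted so that a check sees one
    string while a truncating normpath() yields another. Rejecting it up
    front removes the hazard on Python 3.11.0 to 3.11.4 at no cost elsewhere.
    """
    if "\0" in path:
        raise ValueError("embedded NUL byte in path")
    # posixpath is used so results do not depend on the host platform.
    return posixpath.normpath(path)


def is_allowed(user_path: str) -> bool:
    """Allowlist decision on the safely normalised path.

    Returns False rather than raising so callers get one boolean answer.
    """
    try:
        normalized = safe_normpath(user_path)
    except ValueError:
        return False
    return normalized in ALLOWED


def interpreter_truncates_on_nul() -> bool:
    """Hypothetical probe: does this interpreter's normpath() stop at NUL?

    On an affected 3.11.x build the result is 'a'; on earlier or patched
    builds the NUL byte survives normalisation, so the probe is False.
    """
    return os.path.normpath("a\0b") == "a"


if __name__ == "__main__":
    for candidate in ("reports/../reports/summary.txt",
                      "reports/summary.txt\0/../secret.key"):
        print(repr(candidate), "->", is_allowed(candidate))
    print("normpath truncates at NUL:", interpreter_truncates_on_nul())
```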
Untrusted Search Path
Weakness Enumeration
Related Identifiers
Affected Products
Alt Linux
Almalinux
Centos
Linuxmint
Python
Red Hat
Suse
Ubuntu