PSF-2023-9

Import Source

https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2023-9.json

Aliases

• BIT-python-2023-41105
• CVE-2023-41105

Published

2023-08-24T00:00:00Z

Modified

2023-12-06T01:03:12.499476Z

Details

Passing a path with null bytes to the os.path.normpath() function causes the returned path to be unexpectedly truncated at the first occurrence of null bytes within the path. Python versions before 3.11.0 didn’t truncate the path on null bytes.

If allowlisting is applied before a call to os.path.normpath() is used later in the program, the allowlisting can be circumvented if the path containing null bytes is constructed to pass the allowlist but then change to the targeted resource after truncation.

References

• https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
• https://github.com/python/cpython/issues/106242
• https://github.com/python/cpython/pull/106816