VulnerableCode Vulnerability Details

Search for vulnerabilities

Vulnerability details: VCID-tyyj-a9u7-aaag

Essentials
Severities (88)
References (19)
Severity details (6)
Exploits (0)
EPSS
History (0)

Vulnerability ID	VCID-tyyj-a9u7-aaag
Aliases	CVE-2023-41105
Summary	An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.
Status	Published
Exploitability	0.5
Weighted Severity	6.8
Risk	3.4
Affected and Fixed Packages	Package Details

Weaknesses (2)

CWE-426	Untrusted Search Path
CWE-158	Improper Neutralization of Null Byte or NUL Character

System	Score	Found at
cvssv3	7.5	https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41105.json
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00105	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00107	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00122	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00174	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00179	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00189	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.00742	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
epss	0.02356	https://api.first.org/data/v1/epss?cve=CVE-2023-41105
cvssv3.1	6.7	https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1	5.3	https://github.com/python/cpython/issues/106242
generic_textual	MODERATE	https://github.com/python/cpython/issues/106242
cvssv3	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-41105
cvssv3.1	7.5	https://nvd.nist.gov/vuln/detail/CVE-2023-41105

Reference id	Reference type	URL
		https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41105.json
		https://api.first.org/data/v1/epss?cve=CVE-2023-41105
		https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
		https://github.com/python/cpython/issues/106242
		https://github.com/python/cpython/pull/107981
		https://github.com/python/cpython/pull/107982
		https://github.com/python/cpython/pull/107983
		https://mail.python.org/archives/list/security-announce%40python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
		https://mail.python.org/archives/list/security-announce@python.org/thread/D6CDW3ZZC5D444YGL3VQUY6D4ECMCQLD/
		https://security.netapp.com/advisory/ntap-20231006-0015/
2235795		https://bugzilla.redhat.com/show_bug.cgi?id=2235795
cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:netapp:active_iq_unified_manager:-:::::windows::
cpe:2.3:a:python:python::::::::		https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:2.3:a:python:python::::::::
CVE-2023-41105		https://nvd.nist.gov/vuln/detail/CVE-2023-41105
GLSA-202405-01		https://security.gentoo.org/glsa/202405-01
RHSA-2023:6494		https://access.redhat.com/errata/RHSA-2023:6494
RHSA-2023:7024		https://access.redhat.com/errata/RHSA-2023:7024
USN-6547-1		https://usn.ubuntu.com/6547-1/
USN-6891-1		https://usn.ubuntu.com/6891-1/

No exploits are available.

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-41105.json

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:L/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N Found at https://github.com/python/cpython/issues/106242

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41105

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-41105

Attack Vector (AV)	Attack Complexity (AC)	Privileges Required (PR)	User Interaction (UI)	Scope (S)	Confidentiality Impact (C)	Integrity Impact (I)	Availability Impact (A)
network adjacent_network local physical	low high	none low high	none required	unchanged changed	high low none	high low none	high low none

Attack Vector (AV)

Attack Complexity (AC)

Privileges Required (PR)

User Interaction (UI)

Scope (S)

Confidentiality Impact (C)

Integrity Impact (I)

Availability Impact (A)

network

adjacent_network

local

physical

low

high

none

low

high

none

required

unchanged

changed

high

low

none

high

low

none

high

low

none

Exploit Prediction Scoring System (EPSS)

Percentile	0.43802
EPSS Score	0.00105
Published At	Dec. 17, 2024, midnight

Date	Actor	Action	Source	VulnerableCode Version
There are no relevant records.