PSF-2023-9
See a problem?- Import Source
- https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2023-9.json
- JSON Data
- https://api.osv.dev/v1/vulns/PSF-2023-9
- Aliases
- Published
- 2023-08-24T00:00:00Z
- Modified
- 2023-12-06T01:03:12.499476Z
- Summary
- os.path.normpath() truncates on null bytes
- Details
-
Passing a path with null bytes to the
os.path.normpath()function causes the returned path to be unexpectedly truncated at the first occurrence of null bytes within the path. Python versions before 3.11.0 didn’t truncate the path on null bytes.If allowlisting is applied before a call to
os.path.normpath()is used later in the program, the allowlisting can be circumvented if the path containing null bytes is constructed to pass the allowlist but then change to the targeted resource after truncation. - References
- Credits
-
-
- Noriko Totsuka of JPCERT/CC - FINDER
-
- Masashi Yamane of LAC Co., Ltd - FINDER
-
- Delta Regeer - REPORTER
-
- Finn Womack - REMEDIATION_DEVELOPER
-
- Steve Dower - REMEDIATION_REVIEWER
-
- Seth Michael Larson - COORDINATOR
-
Affected packages
Git / github.com/python/cpython
Affected versions
v3.*
v3.11.0
v3.11.0a1
v3.11.0a2
v3.11.0a3
v3.11.0a4
v3.11.0a5
v3.11.0a6
v3.11.0a7
v3.11.0b1
v3.11.0b2
v3.11.0b3
v3.11.0b4
v3.11.0b5
v3.11.0rc1
v3.11.0rc2
v3.11.1
v3.11.2
v3.11.3
v3.11.4
v3.12.0a1
v3.12.0a2
v3.12.0a3
v3.12.0a4
v3.12.0a5
v3.12.0a6
v3.12.0a7
v3.12.0b1
v3.12.0b2
v3.12.0b3
v3.12.0b4
v3.12.0rc1