|Description||An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x.|
|Source||CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)|
Vulnerable and fixed packages
The table below lists information on source packages.
|python3.12 (PTS)||sid, trixie||3.12.0-6||fixed|
The information below is based on the following data on fixed versions.
[bookworm] - python3.11 <no-dsa> (Minor issue)
- python3.10 <not-affected> (Vulnerable code introduced in 3.11.y)
- python3.9 <not-affected> (Vulnerable code introduced in 3.11.y)
- python3.7 <not-affected> (Vulnerable code introduced in 3.11.y)
- python2.7 <not-affected> (Vulnerable code introduced in 3.11.y)
Backport for 3.12: https://github.com/python/cpython/pull/107981
Backport for 3.11: https://github.com/python/cpython/pull/107982