发布于3月6日3月6日 Members SUSE: CVE-2023-41105: SUSE Linux Security Advisory Severity 8 CVSS (AV:N/AC:L/Au:N/C:N/I:C/A:N) Published 08/23/2023 Created 10/04/2023 Added 10/04/2023 Modified 01/28/2025 Description An issue was discovered in Python 3.11 through 3.11.4. If a path containing '\0' bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first '\0' byte. There are plausible cases in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11.x. Solution(s) suse-upgrade-libpython3_11-1_0 suse-upgrade-libpython3_11-1_0-32bit suse-upgrade-libpython3_4m1_0 suse-upgrade-libpython3_4m1_0-32bit suse-upgrade-python3 suse-upgrade-python3-base suse-upgrade-python3-curses suse-upgrade-python3-dbm suse-upgrade-python3-devel suse-upgrade-python3-tk suse-upgrade-python311 suse-upgrade-python311-32bit suse-upgrade-python311-base suse-upgrade-python311-base-32bit suse-upgrade-python311-curses suse-upgrade-python311-dbm suse-upgrade-python311-devel suse-upgrade-python311-doc suse-upgrade-python311-doc-devhelp suse-upgrade-python311-idle suse-upgrade-python311-testsuite suse-upgrade-python311-tk suse-upgrade-python311-tools References https://attackerkb.com/topics/cve-2023-41105 CVE - 2023-41105
参与讨论
你可立刻发布并稍后注册。 如果你有帐户,立刻登录发布帖子。
注意:你的帖子需要版主批准后才能看到。