CVE-2023-41105: Python 3.11 through 3.11.4.(os[.]path[.]normpath) truncates input on null bytes (23th Aug 2023)

Preface: It is popular like Java, Python applications can run on all operating systems (Windows, Unix, Linux, Mac).

Background: What’s New in Python 3.11. One of the new module is tomllib – For parsing TOML.
I. TOML makes writing configuration files simple, straightforward, and more human-readable than many other formats, including JSON.
The TOML file used to configure the buildkitd daemon settings has a short list of global settings followed by a series of sections for specific areas of daemon configuration.
The file path is /etc/buildkit/buildkitd.toml for rootful mode, ~/.config/buildkit/buildkitd.toml for rootless mode.

II. os[.]path[.]normpath() method in Python is used to normalize the specified path. All redundant separator and up-level references are collapsed in the process of path normalization.
For example: A//B, A/B/, A/./B and A/foo/../B all will be normalized to A/B.

If your Docker setup automation programming including above I and II. You should staying alert.

Vulnerability details:

'\0' means NULL. If a path containing ‘\0’ bytes is passed to os.path.normpath(), the path will be truncated unexpectedly at the first ‘\0’ byte.

In some cases, in which an application would have rejected a filename for security reasons in Python 3.10.x or earlier, but that filename is no longer rejected in Python 3.11 through 3.11.4.

08/23/2023 disclosed

Official announcement: For details, please refer to the link –

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.