From b81b1427cbb16e5968d9b61464fdeba9b24c93d8 Mon Sep 17 00:00:00 2001
From: Fisher4ever <981585062@qq.com>
Date: Tue, 21 Nov 2023 20:15:18 +0800
Subject: [PATCH] add CVE-2023-41105

---
 .../2022/CVE-2023-41105/CVE-2023-41105.py     |  5 ++++
 cve/python/2022/CVE-2023-41105/README.md      | 21 ++++++++++++++++
 cve/python/2022/yaml/CVE-2023-41105.yaml      | 24 +++++++++++++++++++
 3 files changed, 50 insertions(+)
 create mode 100644 cve/python/2022/CVE-2023-41105/CVE-2023-41105.py
 create mode 100644 cve/python/2022/CVE-2023-41105/README.md
 create mode 100644 cve/python/2022/yaml/CVE-2023-41105.yaml

diff --git a/cve/python/2022/CVE-2023-41105/CVE-2023-41105.py b/cve/python/2022/CVE-2023-41105/CVE-2023-41105.py
new file mode 100644
index 00000000..aaad9ff0
--- /dev/null
+++ b/cve/python/2022/CVE-2023-41105/CVE-2023-41105.py
@@ -0,0 +1,5 @@
+import os.path
+os.path.normpath('hello\x00world')
+# this should ouput 'hello\x00world'
+os.path.normpath('\x00hello')
+# this should output '\x00hello'
\ No newline at end of file
diff --git a/cve/python/2022/CVE-2023-41105/README.md b/cve/python/2022/CVE-2023-41105/README.md
new file mode 100644
index 00000000..c8a2d500
--- /dev/null
+++ b/cve/python/2022/CVE-2023-41105/README.md
@@ -0,0 +1,21 @@
+# Python Vulnerability in NetApp Products
+Date: 2023-11-07  
+Exploit Author: Seth Larson  
+Vendor Homepage: https://github.com/python/cpython  
+Software Link: https://github.com/abersheeran/rpc.py  
+Version: Python 3.11.0 to 3.11.4  
+Tested on: Python 3.11.3 (main, Jun 5 2023, 09:32:32) [GCC 13.1.1 20230429] on linux 
+CVE : CVE-2023-41105 
+
+# Usage
+```
+python CVE-2023-41105.py  
+```
+
+# reference
+https://github.com/python/cpython/issues/106242	
+https://github.com/python/cpython/pull/107981	
+https://github.com/python/cpython/pull/107982	
+https://github.com/python/cpython/pull/107983	
+https://mail.python.org/archives/list/security-announce%40python.org/thread/D...	
+https://security.netapp.com/advisory/ntap-20231006-0015/
diff --git a/cve/python/2022/yaml/CVE-2023-41105.yaml b/cve/python/2022/yaml/CVE-2023-41105.yaml
new file mode 100644
index 00000000..3c55d577
--- /dev/null
+++ b/cve/python/2022/yaml/CVE-2023-41105.yaml
@@ -0,0 +1,24 @@
+id: CVE-2023-41105
+source: https://github.com/python/cpython/issues/106242
+info:
+  name: Python Vulnerability in NetApp Products
+  severity: critical
+  description:
+    Multiple NetApp products incorporate Python. Python versions prior to 3.11 through 3.11.4 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data.
+  scope-of-influence:
+    Versions 9.8, 9.10 and 9.11 are not affected; versions 9.12 and 9.13 are affected.
+  reference:
+    - https://github.com/python/cpython/issues/106242	
+    - https://github.com/python/cpython/pull/107981	
+    - https://github.com/python/cpython/pull/107982	
+    - https://github.com/python/cpython/pull/107983	
+    - https://mail.python.org/archives/list/security-announce%40python.org/thread/D...	
+    - https://security.netapp.com/advisory/ntap-20231006-0015/
+  classification:
+    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
+    cvss-score: 7.5
+    cve-id: CVE-2023-41105
+    cwe-id: None
+    cnvd-id: None
+    kve-id: None
+  tags: Source Codes Read