openkylin
/
openkylin-exploit-db
mirror of https://gitee.com/openkylin/openkylin-exploit-db.git
9
0
Fork 0
Code Issues Projects Releases Wiki Activity

add CVE-2023-41105

This commit is contained in:
Fisher4ever 2023-11-21 20:15:18 +08:00
parent 368fc95951
commit b81b1427cb
3 changed files with 50 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
cve/python/2022/CVE-2023-41105/CVE-2023-41105.py Normal file
View File

@ -0,0 +1,5 @@
import os.path
os.path.normpath('hello\x00world')
# this should ouput 'hello\x00world'
os.path.normpath('\x00hello')
# this should output '\x00hello'

21
cve/python/2022/CVE-2023-41105/README.md Normal file
View File

@ -0,0 +1,21 @@
# Python Vulnerability in NetApp Products
Date: 2023-11-07
Exploit Author: Seth Larson
Vendor Homepage: https://github.com/python/cpython
Software Link: https://github.com/abersheeran/rpc.py
Version: Python 3.11.0 to 3.11.4
Tested on: Python 3.11.3 (main, Jun 5 2023, 09:32:32) [GCC 13.1.1 20230429] on linux
CVE : CVE-2023-41105
# Usage
```
python CVE-2023-41105.py
```
# reference
https://github.com/python/cpython/issues/106242
https://github.com/python/cpython/pull/107981
https://github.com/python/cpython/pull/107982
https://github.com/python/cpython/pull/107983
https://mail.python.org/archives/list/security-announce%40python.org/thread/D...
https://security.netapp.com/advisory/ntap-20231006-0015/

24
cve/python/2022/yaml/CVE-2023-41105.yaml Normal file
View File

@ -0,0 +1,24 @@
id: CVE-2023-41105
source: https://github.com/python/cpython/issues/106242
info:
name: Python Vulnerability in NetApp Products
severity: critical
description:
Multiple NetApp products incorporate Python. Python versions prior to 3.11 through 3.11.4 are susceptible to a vulnerability which when successfully exploited could lead to addition or modification of data.
scope-of-influence:
Versions 9.8, 9.10 and 9.11 are not affected; versions 9.12 and 9.13 are affected.
reference:
- https://github.com/python/cpython/issues/106242
- https://github.com/python/cpython/pull/107981
- https://github.com/python/cpython/pull/107982
- https://github.com/python/cpython/pull/107983
- https://mail.python.org/archives/list/security-announce%40python.org/thread/D...
- https://security.netapp.com/advisory/ntap-20231006-0015/
classification:
cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N
cvss-score: 7.5
cve-id: CVE-2023-41105
cwe-id: None
cnvd-id: None
kve-id: None
tags: Source Codes Read