A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
References
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
History
30 Jun 2023, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
12 Feb 2023, 22:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
02 Feb 2023, 21:19
Type | Values Removed | Values Added |
---|---|---|
References |
|
|
19 Jan 2023, 16:49
Type | Values Removed | Values Added |
---|---|---|
CPE | cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:* cpe:2.3:a:python:python:*:*:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:* cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:* |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/ - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/ - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/1 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/ - Mailing List, Third Party Advisory | |
References | (MLIST) http://www.openwall.com/lists/oss-security/2022/09/21/4 - Mailing List, Third Party Advisory |
14 Nov 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Nov 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Oct 2022, 23:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
25 Sep 2022, 04:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
23 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
22 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2022, 15:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
21 Sep 2022, 12:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
18 Sep 2022, 02:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
15 Sep 2022, 17:20
Type | Values Removed | Values Added |
---|---|---|
First Time |
Redhat quay
Redhat enterprise Linux Fedoraproject Fedoraproject fedora Redhat Python python Redhat software Collections Python |
|
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/ - Mailing List, Third Party Advisory | |
References | (MISC) https://bugzilla.redhat.com/show_bug.cgi?id=1834423 - Issue Tracking, Third Party Advisory | |
References | (MISC) https://access.redhat.com/security/cve/CVE-2020-10735 - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/ - Mailing List, Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/ - Mailing List, Third Party Advisory | |
References | (MISC) https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y - Third Party Advisory | |
References | (FEDORA) https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/ - Mailing List, Third Party Advisory | |
References | (MISC) https://github.com/python/cpython/issues/95778 - Patch, Third Party Advisory | |
CWE | CWE-704 | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 7.5 |
CPE | cpe:2.3:a:python:python:3.7:*:*:*:*:*:*:* cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:* cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:* cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:* cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:* |
14 Sep 2022, 11:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
13 Sep 2022, 03:15
Type | Values Removed | Values Added |
---|---|---|
References |
|
09 Sep 2022, 14:15
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2022-09-09 14:15
Updated : 2023-12-10 14:35
NVD link : CVE-2020-10735
Mitre link : CVE-2020-10735
CVE.ORG link : CVE-2020-10735
JSON object : View
Products Affected
python
- python
redhat
- enterprise_linux
- software_collections
- quay
fedoraproject
- fedora
CWE
CWE-704
Incorrect Type Conversion or Cast