CVE-2020-10735

{"id": "CVE-2020-10735", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2022-09-09T14:15:08.660", "references": [{"url": "http://www.openwall.com/lists/oss-security/2022/09/21/1", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "http://www.openwall.com/lists/oss-security/2022/09/21/4", "tags": ["Mailing List", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://access.redhat.com/security/cve/CVE-2020-10735", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y", "tags": ["Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://github.com/python/cpython/issues/95778", "tags": ["Patch", "Third Party Advisory"], "source": "secalert@redhat.com"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "source": "secalert@redhat.com"}, {"url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/", "source": "secalert@redhat.com"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-704"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadr\u00e1tica que usan bases no binarias, cuando es usada int(\"text\"), un sistema podr\u00eda tardar 50ms en analizar una cadena int con 100.000 d\u00edgitos y 5s para 1.000.000 de d\u00edgitos (float, decimal, int.from_bytes(), e int() para bases binarias 2, 4, 8, 16, y 32 no est\u00e1n afectados). La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "lastModified": "2023-06-30T23:15:09.393", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "0743C1B3-D44D-4940-AAF4-25DEFB46AC74", "versionEndExcluding": "3.7.14", "versionStartIncluding": "3.7.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5E28EB81-9BE6-4EC9-AC44-EFA4DDB0233F", "versionEndExcluding": "3.8.14", "versionStartIncluding": "3.8.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "24517651-FDBB-4867-99A6-25E12EE8A117", "versionEndExcluding": "3.9.14", "versionStartIncluding": "3.9.0"}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6D795AAC-B427-4067-99F3-D36B0F936ACB", "versionEndExcluding": "3.10.7", "versionStartIncluding": "3.10.0"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF"}, {"criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2"}, {"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}], "operator": "OR"}]}], "sourceIdentifier": "secalert@redhat.com"}