CVE - CVE-2020-10735

CVE-ID
CVE-2020-10735	Learn more at National Vulnerability Database (NVD) • CVSS Severity Rating • Fix Information • Vulnerable Software Versions • SCAP Mappings • CPE Information
Description
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
References
Note: References are provided for the convenience of the reader to help distinguish between vulnerabilities. The list is not intended to be complete.
MISC:FEDORA-2022-0b3904c674 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/ MISC:FEDORA-2022-141f632a6f URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/ MISC:FEDORA-2022-29d436596f URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/ MISC:FEDORA-2022-46a44a7f83 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/ MISC:FEDORA-2022-4b31e33ed0 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/ MISC:FEDORA-2022-66b65beccb URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/ MISC:FEDORA-2022-6d57598a23 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/ MISC:FEDORA-2022-72213986b8 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/ MISC:FEDORA-2022-79843dfb3c URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/ MISC:FEDORA-2022-8535093cba URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/ MISC:FEDORA-2022-958fd7a32e URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/ MISC:FEDORA-2022-ac82a548df URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/ MISC:FEDORA-2022-b01214472e URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/ MISC:FEDORA-2022-b8b34e62ab URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/ MISC:FEDORA-2022-c072cdc3c8 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/ MISC:FEDORA-2022-d1682fef04 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/ MISC:FEDORA-2022-d4570fc1a6 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/ MISC:FEDORA-2022-dd5032bedf URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/ MISC:FEDORA-2022-f330bbfda2 URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/ MISC:FEDORA-2022-f511f8f58b URL:https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/ MISC:[oss-security] 20220921 Re: big ints in python: CVE-2020-10735 URL:http://www.openwall.com/lists/oss-security/2022/09/21/4 MISC:[oss-security] 20220921 big ints in python: CVE-2020-10735 URL:http://www.openwall.com/lists/oss-security/2022/09/21/1 MISC:https://access.redhat.com/security/cve/CVE-2020-10735 URL:https://access.redhat.com/security/cve/CVE-2020-10735 MISC:https://bugzilla.redhat.com/show_bug.cgi?id=1834423 URL:https://bugzilla.redhat.com/show_bug.cgi?id=1834423 MISC:https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y URL:https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y MISC:https://github.com/python/cpython/issues/95778 URL:https://github.com/python/cpython/issues/95778 MLIST:[debian-lts-announce] 20230630 [SECURITY] [DLA 3477-1] python3.7 security update URL:https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
Assigning CNA
Red Hat, Inc.
Date Record Created
20200320	Disclaimer: The record creation date may reflect when the CVE ID was allocated or reserved, and does not necessarily indicate when this vulnerability was discovered, shared with the affected vendor, publicly disclosed, or updated in CVE.
Phase (Legacy)
Assigned (20200320)
Votes (Legacy)

Comments (Legacy)

Proposed (Legacy)
N/A
This is an record on the CVE List, which provides common identifiers for publicly known cybersecurity vulnerabilities.
Search CVE Using Keywords: You can also search by reference using the CVE Reference Maps.
For More Information: CVE Request Web Form (select "Other" from dropdown)