CVE-2020-10735

Published Sep 9, 2022

Last updated a year ago

CVSS high 7.5

Overview

Description: A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Source: secalert@redhat.com
NVD status: Modified

Risk scores

CVSS 3.1

Type: Primary
Base score: 7.5
Impact score: 3.6
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Severity: HIGH

Weaknesses

nvd@nist.gov: CWE-704

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "0743C1B3-D44D-4940-AAF4-25DEFB46AC74",
            "versionEndExcluding": "3.7.14",
            "versionStartIncluding": "3.7.0"
          },
          {
            "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5E28EB81-9BE6-4EC9-AC44-EFA4DDB0233F",
            "versionEndExcluding": "3.8.14",
            "versionStartIncluding": "3.8.0"
          },
          {
            "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "24517651-FDBB-4867-99A6-25E12EE8A117",
            "versionEndExcluding": "3.9.14",
            "versionStartIncluding": "3.9.0"
          },
          {
            "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6D795AAC-B427-4067-99F3-D36B0F936ACB",
            "versionEndExcluding": "3.10.7",
            "versionStartIncluding": "3.10.0"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF"
          },
          {
            "criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A"
          }
        ],
        "operator": "OR"
      }
    ]
  },
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2"
          },
          {
            "criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD"
          },
          {
            "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D"
          },
          {
            "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Risk scores

CVSS 3.1

Weaknesses

Social media

Configurations

References