CVE-2020-10735

Summary

CVE	CVE-2020-10735
State	PUBLIC
Assigner	[email protected]
Source Priority	CVE Program / NVD first with legacy fallback
Published	2022-09-09 14:15:00 UTC
Updated	2023-06-30 23:15:00 UTC
Description	A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Risk And Classification

Problem Types: CWE-704

NVD Known Affected Configurations (CPE 2.3)

Type	Vendor	Product	Version	Update	Edition	Language
Operating System	Fedoraproject	Fedora	35	All	All	All
Operating System	Fedoraproject	Fedora	36	All	All	All
Operating System	Fedoraproject	Fedora	37	All	All	All
Application	Python	Python	All	All	All	All
Application	Python	Python	3.11.0	alpha1	All	All
Application	Python	Python	3.11.0	alpha2	All	All
Application	Python	Python	3.11.0	alpha3	All	All
Application	Python	Python	3.11.0	alpha4	All	All
Application	Python	Python	3.11.0	alpha5	All	All
Application	Python	Python	3.11.0	alpha6	All	All
Application	Python	Python	3.11.0	alpha7	All	All
Application	Python	Python	3.11.0	beta1	All	All
Application	Python	Python	3.11.0	beta2	All	All
Application	Python	Python	3.11.0	beta3	All	All
Application	Python	Python	3.11.0	beta4	All	All
Application	Python	Python	3.11.0	beta5	All	All
Application	Python	Python	3.11.0	rc1	All	All
Application	Python	Python	3.7	All	All	All
Operating System	Redhat	Enterprise Linux	8.0	All	All	All
Application	Redhat	Quay	3.0.0	All	All	All
Application	Redhat	Software Collections	-	All	All	All

References

Reference	Source	Link	Tags
[SECURITY] Fedora 36 Update: python3.11-3.11.0~rc2-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3-docs-3.10.7-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3-docs-3.10.7-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: mingw-python3-3.10.8-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.8-3.8.14-1.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.7-3.7.14-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.7-3.7.14-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.11-3.11.0~rc2-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[1-pager] CPython int string conversion limit for CVE-2020-10735 DoS - Google Docs	MISC	docs.google.com
[SECURITY] Fedora 35 Update: python3.9-3.9.14-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.9-3.9.14-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.9-3.9.14-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.7-3.7.14-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3-docs-3.11.0~rc2-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
[SECURITY] Fedora 35 Update: python3.9-3.9.14-1.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.11-3.11.0~rc2-1.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
CVE-2020-10735: Prevent DoS by large int<->str conversions · Issue #95778 · python/cpython · GitHub	MISC	github.com
[SECURITY] Fedora 37 Update: mingw-python3-3.10.8-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.6-3.6.15-13.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] [DLA 3477-1] python3.7 security update	MISC	lists.debian.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
[SECURITY] Fedora 36 Update: python3.6-3.6.15-12.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
1834423 – (CVE-2020-10735) CVE-2020-10735 python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS	MISC	bugzilla.redhat.com
[SECURITY] Fedora 36 Update: python3.8-3.8.14-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3-docs-3.11.0~rc2-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.8-3.8.14-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: mingw-python3-3.10.8-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.8-3.8.14-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: mingw-python3-3.10.8-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3-docs-3.10.7-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3-docs-3.10.7-1.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.8-3.8.14-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.7-3.7.14-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.6-3.6.15-12.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.10-3.10.7-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.9-3.9.14-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.9-3.9.14-1.fc37 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.7-3.7.14-1.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
oss-security - Re: big ints in python: CVE-2020-10735	MLIST	www.openwall.com
oss-security - big ints in python: CVE-2020-10735	MLIST	www.openwall.com
[SECURITY] Fedora 37 Update: python3.6-3.6.15-13.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 37 Update: python3.10-3.10.7-1.fc37 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.6-3.6.15-6.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.8-3.8.14-1.fc36 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.11-3.11.0~rc2-1.fc35 - package-announce - Fedora Mailing-Lists	FEDORA	lists.fedoraproject.org
[SECURITY] Fedora 35 Update: python3.6-3.6.15-6.fc35 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
[SECURITY] Fedora 36 Update: python3.7-3.7.14-1.fc36 - package-announce - Fedora Mailing-Lists	MISC	lists.fedoraproject.org
Red Hat Customer Portal - Access to 24x7 support and knowledge	MISC	access.redhat.com
CVE Program record	CVE.ORG	www.cve.org	canonical
NVD vulnerability detail	NVD	nvd.nist.gov	canonical, analysis

No vendor comments have been submitted for this CVE.

Legacy QID Mappings

160193 Oracle Enterprise Linux Security Update for python3.9 (ELSA-2022-7323)
160473 Oracle Enterprise Linux Security Update for python3 (ELSA-2023-0833)
160651 Oracle Enterprise Linux Security Update for python38:3.8 and python38-devel:3.8 (ELSA-2023-2763)
160687 Oracle Enterprise Linux Security Update for python39:3.9 and python39-devel:3.9 (ELSA-2023-2764)
20317 Oracle Database 21c Critical Patch Update - January 2023
240700 Red Hat Update for rh-python38-python (RHSA-2022:6766)
240802 Red Hat Update for python3.9 (RHSA-2022:7323)
241211 Red Hat Update for python3 (RHSA-2023:0833)
241481 Red Hat Update for python38:3.8 and python38-devel:3.8 (RHSA-2023:2763)
241507 Red Hat Update for python39:3.9 and python39-devel:3.9 (RHSA-2023:2764)
242742 Red Hat Update for python3 (RHSA-2024:0430)
283104 Fedora Security Update for python3.9 (FEDORA-2022-46a44a7f83)
283105 Fedora Security Update for python3.8 (FEDORA-2022-66b65beccb)
283106 Fedora Security Update for python3.7 (FEDORA-2022-4b31e33ed0)
283111 Fedora Security Update for python3.8 (FEDORA-2022-29d436596f)
283112 Fedora Security Update for python3.7 (FEDORA-2022-8535093cba)
283139 Fedora Security Update for python3.9 (FEDORA-2022-f511f8f58b)
283142 Fedora Security Update for python3.11 (FEDORA-2022-0b3904c674)
283143 Fedora Security Update for python (FEDORA-2022-c072cdc3c8)
283147 Fedora Security Update for python3.11 (FEDORA-2022-141f632a6f)
283148 Fedora Security Update for python3 (FEDORA-2022-ac82a548df)
283214 Fedora Security Update for python3.6 (FEDORA-2022-d4570fc1a6)
283215 Fedora Security Update for python3.6 (FEDORA-2022-b8b34e62ab)
283294 Fedora Security Update for mingw (FEDORA-2022-d1682fef04)
283444 Fedora Security Update for mingw (FEDORA-2022-79843dfb3c)
296086 Oracle Solaris 11.4 Support Repository Update (SRU) 51.132.1 Missing (CPUOCT2022)
330125 IBM AIX Multiple Vulnerabilities in Python (python_advisory2)
354119 Amazon Linux Security Advisory for python3 : ALAS2-2022-1896
354485 Amazon Linux Security Advisory for python3.10 : ALAS2022-2022-212
354541 Amazon Linux Security Advisory for python3.10 : ALAS-2022-212
355271 Amazon Linux Security Advisory for python3.9 : ALAS2023-2023-116
356200 Amazon Linux Security Advisory for python38 : ALASPYTHON3.8-2023-007
356500 Amazon Linux Security Advisory for python38 : ALAS2PYTHON3.8-2023-007
377909 Oracle PeopleSoft Enterprise PeopleTools Product Multiple Vulnerabilities (CPUJAN2023)
6000019 Debian Security Update for python3.7 (DLA 3477-1)
672343 EulerOS Security Update for python3 (EulerOS-SA-2022-2773)
672368 EulerOS Security Update for python3 (EulerOS-SA-2022-2738)
672399 EulerOS Security Update for python3 (EulerOS-SA-2022-2805)
672427 EulerOS Security Update for python3 (EulerOS-SA-2022-2827)
672460 EulerOS Security Update for python3 (EulerOS-SA-2022-2853)
690936 Free Berkeley Software Distribution (FreeBSD) Security Update for python (80e057e7-2f0a-11ed-978f-fcaa147e860e)
752643 SUSE Enterprise Linux Security Update for python39 (SUSE-SU-2022:3485-1)
752779 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:3924-1)
752921 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4251-1)
752940 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4274-1)
752957 SUSE Enterprise Linux Security Update for python3 (SUSE-SU-2022:4281-1)
905249 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (12982)
906965 Common Base Linux Mariner (CBL-Mariner) Security Update for python3 (12982-1)
940727 AlmaLinux Security Update for python3.9 (ALSA-2022:7323)
940928 AlmaLinux Security Update for python3 (ALSA-2023:0833)
941099 AlmaLinux Security Update for python39:3.9 and python39-devel:3.9 (ALSA-2023:2764)
941101 AlmaLinux Security Update for python38:3.8 and python38-devel:3.8 (ALSA-2023:2763)
960557 Rocky Linux Security Update for python3.9 (RLSA-2022:7323)
960653 Rocky Linux Security Update for python3 (RLSA-2023:0833)