CVE-2020-10735

high

Description

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

References

https://access.redhat.com/security/cve/CVE-2020-10735

https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y

https://bugzilla.redhat.com/show_bug.cgi?id=1834423

https://github.com/python/cpython/issues/95778

https://lists.fedoraproject.org/archives/list/[email protected]/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/

https://lists.fedoraproject.org/archives/list/[email protected]/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/

https://lists.fedoraproject.org/archives/list/[email protected]/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/

https://lists.fedoraproject.org/archives/list/[email protected]/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/

https://lists.fedoraproject.org/archives/list/[email protected]/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/

https://lists.fedoraproject.org/archives/list/[email protected]/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/

https://lists.fedoraproject.org/archives/list/[email protected]/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/

http://www.openwall.com/lists/oss-security/2022/09/21/1

http://www.openwall.com/lists/oss-security/2022/09/21/4

https://lists.fedoraproject.org/archives/list/[email protected]/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/

https://lists.fedoraproject.org/archives/list/[email protected]/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/

https://lists.fedoraproject.org/archives/list/[email protected]/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/

https://lists.fedoraproject.org/archives/list/[email protected]/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/

https://lists.fedoraproject.org/archives/list/[email protected]/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/

https://lists.fedoraproject.org/archives/list/[email protected]/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/

https://lists.fedoraproject.org/archives/list/[email protected]/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/

https://lists.fedoraproject.org/archives/list/[email protected]/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/

https://lists.fedoraproject.org/archives/list/[email protected]/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/

Details

Source: MITRE

Published: 2022-09-09

Updated: 2023-01-19

Type: CWE-704