Lucene search

K
cveRedhatCVE-2020-10735
HistorySep 09, 2022 - 2:15 p.m.

CVE-2020-10735

2022-09-0914:15:08
CWE-704
redhat
web.nvd.nist.gov
486
17
cve-2020-10735
python
vulnerability
system availability
quadratic time complexity
int parsing

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

77.9%

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(“text”), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Affected configurations

Nvd
Vulners
Node
pythonpythonRange3.7.03.7.14
OR
pythonpythonRange3.8.03.8.14
OR
pythonpythonRange3.9.03.9.14
OR
pythonpythonRange3.10.03.10.7
OR
pythonpythonMatch3.11.0alpha1
OR
pythonpythonMatch3.11.0alpha2
OR
pythonpythonMatch3.11.0alpha3
OR
pythonpythonMatch3.11.0alpha4
OR
pythonpythonMatch3.11.0alpha5
OR
pythonpythonMatch3.11.0alpha6
OR
pythonpythonMatch3.11.0alpha7
OR
pythonpythonMatch3.11.0beta1
OR
pythonpythonMatch3.11.0beta2
OR
pythonpythonMatch3.11.0beta3
OR
pythonpythonMatch3.11.0beta4
OR
pythonpythonMatch3.11.0beta5
OR
pythonpythonMatch3.11.0rc1
Node
redhatquayMatch3.0.0
OR
redhatsoftware_collectionsMatch-
OR
fedoraprojectfedoraMatch35
OR
fedoraprojectfedoraMatch36
OR
fedoraprojectfedoraMatch37
OR
redhatenterprise_linuxMatch8.0
VendorProductVersionCPE
pythonpython*cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*
pythonpython3.11.0cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*
Rows per page:
1-10 of 201

CNA Affected

[
  {
    "vendor": "n/a",
    "product": "python",
    "versions": [
      {
        "version": "python 3.7",
        "status": "affected"
      }
    ]
  }
]

References

Social References

More

CVSS3

7.5

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

AI Score

7.5

Confidence

High

EPSS

0.006

Percentile

77.9%