EUVD-2020-3159

Malware in sbrugna...

BIT-LIBPYTHON-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

Denial Of Service (DoS)

vllm is vulnerable to a Denial Of Service DoS. The vulnerability is due to inefficient list concatenation operations and also dynamic replacement of placeholder tokens with repeated tokens based on precomputed lengths, allowing an attacker to trigger resource exhaustion by exploiting the quadrati...

CVE-2025-46560 vLLM phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.8.0 and prior to 0.8.5 are affected by a critical performance vulnerability in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens...

phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to ​​inefficient list concatenation operations​​, the...

GHSA-VC6M-HM49-G9QG phi4mm: Quadratic Time Complexity in Input Token Processing​ leads to denial of service

Summary A critical performance vulnerability has been identified in the input preprocessing logic of the multimodal tokenizer. The code dynamically replaces placeholder tokens e.g., , with repeated tokens based on precomputed lengths. Due to ​​inefficient list concatenation operations​​, the...

BIT-PYTHON-MIN-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

PT-2025-5893

Name of the Vulnerable Software and Affected Versions libtasn1 affected versions not specified Description A flaw in libtasn1 causes inefficient handling of specific certificate data. When processing a large number of elements in a certificate, libtasn1 takes much longer than expected, which can...

BIT-PYTHON-2020-10735

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int"text", a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits float, decimal, int.frombytes, and int for binary bases 2, 4, 8, 16, and 32 are no...

NewStart CGSL MAIN 6.06 : python3 Multiple Vulnerabilities (NS-SA-2023-0130)

The remote NewStart CGSL host, running version MAIN 6.06, has python3 packages installed that are affected by multiple vulnerabilities: - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int...

Rocky Linux 9 : python3.9 (RLSA-2022:7323)

The remote Rocky Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RLSA-2022:7323 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a system could take 50ms to parse an int...

EulerOS Virtualization 3.0.6.0 : python3 (EulerOS-SA-2023-2229)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - In Python aka CPython up to 3.10.8, the mailcap module does not add escape characters into commands discovered in the system...

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases when using int("text") a system could take 50ms to parse an int string with 100000 digits and 5s for 1000000 digits (float decimal int.from_bytes() and int() for binary bases 2 4 8 16 and 32 are not affected). The highest threat from this vulnerability is to system availability.

...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2023-1151)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2023 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

EulerOS Virtualization 2.9.1 : python3 (EulerOS-SA-2023-1199)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int'text', a system...

EulerOS Virtualization 2.9.0 : python3 (EulerOS-SA-2023-1229)

According to the versions of the python3 packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int'text', a system...

Fedora 36 : python3.6 (2022-d4570fc1a6)

The remote Fedora 36 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2022-d4570fc1a6 advisory. Prevent denial of service DoS by very large integers. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note...

EulerOS 2.0 SP10 : python3 (EulerOS-SA-2022-2827)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int'text', a system could take 50ms...

Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2022-2805)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Amazon Linux 2022 : python3.10 (ALAS2022-2022-212)

The version of python3.10 installed on the remote host is prior to 3.10.8-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2022-2022-212 advisory. - A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using inttext, a syst...