CVE-2020-10735
- Source
- https://cve.org/CVERecord?id=CVE-2020-10735
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10735.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2020-10735
- Aliases
- Downstream
- Related
- Published
- 2022-09-09T14:15:08.660Z
- Modified
- 2026-03-23T05:12:59.695621Z
- Severity
-
- 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
- Summary
- [none]
- Details
-
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
- References
-
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/
- https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/
- https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/
- https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/
- https://access.redhat.com/security/cve/CVE-2020-10735
- http://www.openwall.com/lists/oss-security/2022/09/21/4
- https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y
- http://www.openwall.com/lists/oss-security/2022/09/21/1
- https://bugzilla.redhat.com/show_bug.cgi?id=1834423
- https://github.com/python/cpython/issues/95778
Affected packages
Git / github.com/python/cpython
Affected ranges
- Type
- GIT
- Repo
- https://github.com/python/cpython
- Events
-
IntroducedFixedIntroducedFixedIntroducedFixedIntroducedFixedIntroduced0 Unknown introduced commit / All previous commits are affectedLast affected
- Database specific
{ "versions": [ { "introduced": "3.7.0" }, { "fixed": "3.7.14" }, { "introduced": "3.8.0" }, { "fixed": "3.8.14" }, { "introduced": "3.9.0" }, { "fixed": "3.9.14" }, { "introduced": "3.10.0" }, { "fixed": "3.10.7" }, { "introduced": "0" }, { "last_affected": "3.11.0-rc1" } ] }
Database specific
unresolved_ranges
[
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha6"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-alpha7"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-beta1"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-beta2"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-beta3"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-beta4"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.11.0-beta5"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "3.0.0"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "35"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "36"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "37"
}
]
},
{
"events": [
{
"introduced": "0"
},
{
"last_affected": "8.0"
}
]
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2020-10735.json"