CVE-2020-10735

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-10735

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-10735.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2020-10735

Aliases

Related

Published

2022-09-09T14:15:08Z

Modified

2024-09-11T06:13:30.283754Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

References

Affected packages

Debian:11 / pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

7.*

7.3.5+dfsg-2

7.3.5+dfsg-2+deb11u1

7.3.5+dfsg-2+deb11u2

7.3.6~rc2+dfsg-1

7.3.6~rc2+dfsg-2

7.3.6+dfsg-1

7.3.7+dfsg-1

7.3.7+dfsg-2

7.3.7+dfsg-3

7.3.7+dfsg-4

7.3.7+dfsg-5

7.3.8~rc1+dfsg-1

7.3.8~rc1+dfsg-2

7.3.8+dfsg-1

7.3.8+dfsg-2

7.3.9+dfsg-1

7.3.9+dfsg-2

7.3.9+dfsg-3

7.3.9+dfsg-4

7.3.9+dfsg-5

7.3.10~rc3+dfsg-1

7.3.10~rc3+dfsg-2

7.3.10+dfsg-1

7.3.11+dfsg-1

7.3.11+dfsg-2

7.3.12~rc1+dfsg-1

7.3.12~rc2+dfsg-1

7.3.12+dfsg-1

7.3.13+dfsg-1

7.3.14+dfsg-1

7.3.15+dfsg-1

7.3.16+dfsg-1

7.3.16+dfsg-2

7.3.17+dfsg-1

7.3.17+dfsg-2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.10+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / pypy3

Package

Name: pypy3
Purl: pkg:deb/debian/pypy3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

7.3.10+dfsg-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / python2.7

Package

Name: python2.7
Purl: pkg:deb/debian/python2.7?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

2.*

2.7.18-8

2.7.18-8+deb11u1

2.7.18-9

2.7.18-10

2.7.18-11

2.7.18-12

2.7.18-13

2.7.18-13.1~exp1

2.7.18-13.1

2.7.18-13.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / python3.11

Package

Name: python3.11
Purl: pkg:deb/debian/python3.11?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.11.0~rc2-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:11 / python3.9

Package

Name: python3.9
Purl: pkg:deb/debian/python3.9?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Affected versions

3.*

3.9.2-1

3.9.3-1

3.9.3-2

3.9.4-1

3.9.5-1

3.9.5-2

3.9.5-3

3.9.6-1

3.9.7-1

3.9.7-2

3.9.7-4

3.9.8-1

3.9.8-2

3.9.9-1

3.9.9-2

3.9.9-3

3.9.9-4

3.9.10-1

3.9.10-2

3.9.11-1

3.9.12-1

3.9.13-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}