7.5

CVE-2020-10735

EPSS 0.31%
Veröffentlicht 09.09.2022 14:15:08
Zuletzt bearbeitet 21.11.2024 04:55:57
Quelle secalert@redhat.com
Teams Watchlist Login
Unerledigt Login

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 30

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Python ≫ Python Version >= 3.7.0 < 3.7.14

Python ≫ Python Version >= 3.8.0 < 3.8.14

Python ≫ Python Version >= 3.9.0 < 3.9.14

Python ≫ Python Version >= 3.10.0 < 3.10.7

Python ≫ Python Version3.11.0 Updatealpha1

Python ≫ Python Version3.11.0 Updatealpha2

Python ≫ Python Version3.11.0 Updatealpha3

Python ≫ Python Version3.11.0 Updatealpha4

Python ≫ Python Version3.11.0 Updatealpha5

Python ≫ Python Version3.11.0 Updatealpha6

Python ≫ Python Version3.11.0 Updatealpha7

Python ≫ Python Version3.11.0 Updatebeta1

Python ≫ Python Version3.11.0 Updatebeta2

Python ≫ Python Version3.11.0 Updatebeta3

Python ≫ Python Version3.11.0 Updatebeta4

Python ≫ Python Version3.11.0 Updatebeta5

Python ≫ Python Version3.11.0 Updaterc1

Redhat ≫ Quay Version3.0.0

Redhat ≫ Software Collections Version-

Fedoraproject ≫ Fedora Version35

Fedoraproject ≫ Fedora Version36

Fedoraproject ≫ Fedora Version37

Redhat ≫ Enterprise Linux Version8.0

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.541

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.5	3.9	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE-704 Incorrect Type Conversion or Cast

The product does not correctly convert an object, resource, or structure from one type to a different type.

https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/

http://www.openwall.com/lists/oss-security/2022/09/21/1

Third Party Advisory

http://www.openwall.com/lists/oss-security/2022/09/21/4

Third Party Advisory

Mailing List

https://access.redhat.com/security/cve/CVE-2020-10735

Third Party Advisory

https://bugzilla.redhat.com/show_bug.cgi?id=1834423

Third Party Advisory

Issue Tracking

https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y

Third Party Advisory

https://github.com/python/cpython/issues/95778

Patch

Third Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/

https://nvd.nist.gov/vuln/detail/CVE-2020-10735

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2020-10735

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2020-10735

EUVD