CVE Vulnerabilities

CVE-2020-10735

Incorrect Type Conversion or Cast

Published: Sep 09, 2022 | Modified: Jun 30, 2023
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
CVSS 2.x
RedHat/V2
RedHat/V3
Ubuntu

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(text), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Weakness

The product does not correctly convert an object, resource, or structure from one type to a different type.

Affected Software

Name Vendor Start Version End Version
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.7.0 *
Python Python 3.8.0 *
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0
Python Python 3.10.0 *
Python Python 3.9.0 *
Python Python 3.11.0 3.11.0
Python Python 3.11.0 3.11.0

References