{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2020-10735", "assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "dateUpdated": "2024-08-04T11:14:14.254Z", "dateReserved": "2020-03-20T00:00:00", "datePublished": "2022-09-09T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat", "dateUpdated": "2022-11-14T00:00:00"}, "descriptions": [{"lang": "en", "value": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."}], "affected": [{"vendor": "n/a", "product": "python", "versions": [{"version": "python 3.7", "status": "affected"}]}], "references": [{"url": "https://access.redhat.com/security/cve/CVE-2020-10735"}, {"url": "https://github.com/python/cpython/issues/95778"}, {"url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423"}, {"name": "FEDORA-2022-46a44a7f83", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/"}, {"name": "FEDORA-2022-66b65beccb", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/"}, {"name": "FEDORA-2022-4b31e33ed0", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/"}, {"name": "FEDORA-2022-6d57598a23", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/"}, {"name": "FEDORA-2022-f330bbfda2", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/"}, {"name": "FEDORA-2022-29d436596f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/"}, {"name": "FEDORA-2022-b01214472e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/"}, {"name": "FEDORA-2022-dd5032bedf", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/"}, {"name": "FEDORA-2022-8535093cba", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"}, {"name": "FEDORA-2022-72213986b8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/"}, {"name": "[oss-security] 20220921 big ints in python: CVE-2020-10735", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/1"}, {"name": "[oss-security] 20220921 Re: big ints in python: CVE-2020-10735", "tags": ["mailing-list"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/4"}, {"name": "FEDORA-2022-f511f8f58b", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"}, {"name": "FEDORA-2022-c072cdc3c8", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/"}, {"name": "FEDORA-2022-0b3904c674", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"}, {"name": "FEDORA-2022-141f632a6f", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"}, {"name": "FEDORA-2022-ac82a548df", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"}, {"name": "FEDORA-2022-d4570fc1a6", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"}, {"name": "FEDORA-2022-b8b34e62ab", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"}, {"name": "FEDORA-2022-d1682fef04", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"}, {"name": "FEDORA-2022-79843dfb3c", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"}, {"name": "FEDORA-2022-958fd7a32e", "tags": ["vendor-advisory"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "DoS"}]}]}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T11:14:14.254Z"}, "title": "CVE Program Container", "references": [{"url": "https://access.redhat.com/security/cve/CVE-2020-10735", "tags": ["x_transferred"]}, {"url": "https://github.com/python/cpython/issues/95778", "tags": ["x_transferred"]}, {"url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y", "tags": ["x_transferred"]}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423", "tags": ["x_transferred"]}, {"name": "FEDORA-2022-46a44a7f83", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/"}, {"name": "FEDORA-2022-66b65beccb", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/"}, {"name": "FEDORA-2022-4b31e33ed0", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/"}, {"name": "FEDORA-2022-6d57598a23", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/"}, {"name": "FEDORA-2022-f330bbfda2", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/"}, {"name": "FEDORA-2022-29d436596f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/"}, {"name": "FEDORA-2022-b01214472e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/"}, {"name": "FEDORA-2022-dd5032bedf", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/"}, {"name": "FEDORA-2022-8535093cba", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"}, {"name": "FEDORA-2022-72213986b8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/"}, {"name": "[oss-security] 20220921 big ints in python: CVE-2020-10735", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/1"}, {"name": "[oss-security] 20220921 Re: big ints in python: CVE-2020-10735", "tags": ["mailing-list", "x_transferred"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/4"}, {"name": "FEDORA-2022-f511f8f58b", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"}, {"name": "FEDORA-2022-c072cdc3c8", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/"}, {"name": "FEDORA-2022-0b3904c674", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"}, {"name": "FEDORA-2022-141f632a6f", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"}, {"name": "FEDORA-2022-ac82a548df", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"}, {"name": "FEDORA-2022-d4570fc1a6", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"}, {"name": "FEDORA-2022-b8b34e62ab", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"}, {"name": "FEDORA-2022-d1682fef04", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"}, {"name": "FEDORA-2022-79843dfb3c", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"}, {"name": "FEDORA-2022-958fd7a32e", "tags": ["vendor-advisory", "x_transferred"], "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/"}, {"url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "tags": ["x_transferred"]}]}]}}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "0743C1B3-D44D-4940-AAF4-25DEFB46AC74", "versionEndExcluding": "3.7.14", "versionStartIncluding": "3.7.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "5E28EB81-9BE6-4EC9-AC44-EFA4DDB0233F", "versionEndExcluding": "3.8.14", "versionStartIncluding": "3.8.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "24517651-FDBB-4867-99A6-25E12EE8A117", "versionEndExcluding": "3.9.14", "versionStartIncluding": "3.9.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "matchCriteriaId": "6D795AAC-B427-4067-99F3-D36B0F936ACB", "versionEndExcluding": "3.10.7", "versionStartIncluding": "3.10.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF", "vulnerable": true}, {"criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2", "vulnerable": true}, {"criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD", "vulnerable": true}, {"criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."}, {"lang": "es", "value": "Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadr\u00e1tica que usan bases no binarias, cuando es usada int(\"text\"), un sistema podr\u00eda tardar 50ms en analizar una cadena int con 100.000 d\u00edgitos y 5s para 1.000.000 de d\u00edgitos (float, decimal, int.from_bytes(), e int() para bases binarias 2, 4, 8, 16, y 32 no est\u00e1n afectados). La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema"}], "id": "CVE-2020-10735", "lastModified": "2023-06-30T23:15:09.393", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-09-09T14:15:08.660", "references": [{"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/1"}, {"source": "secalert@redhat.com", "tags": ["Mailing List", "Third Party Advisory"], "url": "http://www.openwall.com/lists/oss-security/2022/09/21/4"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://access.redhat.com/security/cve/CVE-2020-10735"}, {"source": "secalert@redhat.com", "tags": ["Issue Tracking", "Third Party Advisory"], "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Third Party Advisory"], "url": "https://github.com/python/cpython/issues/95778"}, {"source": "secalert@redhat.com", "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"}, {"source": "secalert@redhat.com", "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-704"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2023:0833", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-48.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2023:2763", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38:3.8-8080020221221151857.0d9ba776", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2763", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python38-devel:3.8-8080020221221151857.0d9ba776", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2764", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39:3.9-8080020221221152015.aed85c85", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2764", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "python39-devel:3.9-8080020221221152015.aed85c85", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2764", "cpe": "cpe:/a:redhat:enterprise_linux:8::crb", "package": "python39:3.9-8080020221221152015.aed85c85", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:2764", "cpe": "cpe:/a:redhat:enterprise_linux:8::crb", "package": "python39-devel:3.9-8080020221221152015.aed85c85", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-05-16T00:00:00Z"}, {"advisory": "RHSA-2023:0833", "cpe": "cpe:/o:redhat:enterprise_linux:8", "package": "python3-0:3.6.8-48.el8_7.1", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2023-02-21T00:00:00Z"}, {"advisory": "RHSA-2024:0430", "cpe": "cpe:/a:redhat:rhel_eus:8.6", "package": "python3-0:3.6.8-47.el8_6.4", "product_name": "Red Hat Enterprise Linux 8.6 Extended Update Support", "release_date": "2024-01-25T00:00:00Z"}, {"advisory": "RHSA-2022:7323", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.10-3.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:7323", "cpe": "cpe:/o:redhat:enterprise_linux:9", "package": "python3.9-0:3.9.10-3.el9_0", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2022-11-02T00:00:00Z"}, {"advisory": "RHSA-2022:6766", "cpe": "cpe:/a:redhat:rhel_software_collections:3::el7", "package": "rh-python38-python-0:3.8.14-1.el7", "product_name": "Red Hat Software Collections for Red Hat Enterprise Linux 7", "release_date": "2022-10-03T00:00:00Z"}], "bugzilla": {"description": "python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS", "id": "1834423", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-704->CWE-400", "details": ["A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.", "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability."], "name": "CVE-2020-10735", "package_state": [{"cpe": "cpe:/o:redhat:enterprise_linux:5", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 5"}, {"cpe": "cpe:/o:redhat:enterprise_linux:6", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 6"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:7", "fix_state": "Out of support scope", "package_name": "python3", "product_name": "Red Hat Enterprise Linux 7"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Will not fix", "package_name": "python27:2.7/python2", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Not affected", "package_name": "python36:3.6/python36", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/o:redhat:enterprise_linux:8", "fix_state": "Affected", "package_name": "python39", "product_name": "Red Hat Enterprise Linux 8"}, {"cpe": "cpe:/a:redhat:quay:3", "fix_state": "Affected", "package_name": "quay", "product_name": "Red Hat Quay 3"}, {"cpe": "cpe:/a:redhat:rhel_software_collections:3", "fix_state": "Will not fix", "package_name": "python27-python", "product_name": "Red Hat Software Collections"}], "public_date": "2022-09-02T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2020-10735\nhttps://nvd.nist.gov/vuln/detail/CVE-2020-10735"], "statement": "Versions of `python36:3.6/python36` as shipped with Red Hat Enterprise Linux 8 are marked as 'Not affected' as they just provide \"symlinks\" to the main `python3` component, which provides the actual interpreter of the Python programming language.", "threat_severity": "Moderate"}