{ "id": "CVE-2020-10735", "sourceIdentifier": "secalert@redhat.com", "published": "2022-09-09T14:15:08.660", "lastModified": "2023-06-30T23:15:09.393", "vulnStatus": "Modified", "descriptions": [ { "lang": "en", "value": "A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability." }, { "lang": "es", "value": "Se ha encontrado un fallo en python. En los algoritmos con complejidad de tiempo cuadr\u00e1tica que usan bases no binarias, cuando es usada int(\"text\"), un sistema podr\u00eda tardar 50ms en analizar una cadena int con 100.000 d\u00edgitos y 5s para 1.000.000 de d\u00edgitos (float, decimal, int.from_bytes(), e int() para bases binarias 2, 4, 8, 16, y 32 no est\u00e1n afectados). La mayor amenaza de esta vulnerabilidad es la disponibilidad del sistema" } ], "metrics": { "cvssMetricV31": [ { "source": "nvd@nist.gov", "type": "Primary", "cvssData": { "version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH" }, "exploitabilityScore": 3.9, "impactScore": 3.6 } ] }, "weaknesses": [ { "source": "nvd@nist.gov", "type": "Primary", "description": [ { "lang": "en", "value": "CWE-704" } ] } ], "configurations": [ { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.7.0", "versionEndExcluding": "3.7.14", "matchCriteriaId": "0743C1B3-D44D-4940-AAF4-25DEFB46AC74" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.8.0", "versionEndExcluding": "3.8.14", "matchCriteriaId": "5E28EB81-9BE6-4EC9-AC44-EFA4DDB0233F" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.9.0", "versionEndExcluding": "3.9.14", "matchCriteriaId": "24517651-FDBB-4867-99A6-25E12EE8A117" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:*:*:*:*:*:*:*:*", "versionStartIncluding": "3.10.0", "versionEndExcluding": "3.10.7", "matchCriteriaId": "6D795AAC-B427-4067-99F3-D36B0F936ACB" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*", "matchCriteriaId": "514A577E-5E60-40BA-ABD0-A8C5EB28BD90" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*", "matchCriteriaId": "83B71795-9C81-4E5F-967C-C11808F24B05" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*", "matchCriteriaId": "3F6F71F3-299E-4A4B-ADD1-EAD5A1D433E2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*", "matchCriteriaId": "D9BBF4E9-EA54-41B5-948E-8E3D2660B7EF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*", "matchCriteriaId": "AEBFDCE7-81D4-4741-BB88-12C704515F5C" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*", "matchCriteriaId": "156EB4C2-EFB7-4CEB-804D-93DB62992A63" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*", "matchCriteriaId": "8CC972AE-16A8-4B74-A3E7-36BCDD7C1ED3" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*", "matchCriteriaId": "554015CB-0325-438B-8C11-0F85F54ABC50" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*", "matchCriteriaId": "8037C129-0030-455E-A359-98E14D1498D4" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*", "matchCriteriaId": "7C3DC43B-72CC-4FC5-8072-F051FB47F6D1" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*", "matchCriteriaId": "6657ED60-908B-48E6-B95B-572E57CFBB69" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*", "matchCriteriaId": "1EF628A1-82F5-403C-B527-388C13507CDF" }, { "vulnerable": true, "criteria": "cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*", "matchCriteriaId": "3055A198-13F8-42C0-8FD7-316AA8984A8A" } ] } ] }, { "nodes": [ { "operator": "OR", "negate": false, "cpeMatch": [ { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*", "matchCriteriaId": "B1987BDA-0113-4603-B9BE-76647EB043F2" }, { "vulnerable": true, "criteria": "cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*", "matchCriteriaId": "749804DA-4B27-492A-9ABA-6BB562A6B3AC" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*", "matchCriteriaId": "80E516C0-98A4-4ADE-B69F-66A772E2BAAA" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*", "matchCriteriaId": "5C675112-476C-4D7C-BCB9-A2FB2D0BC9FD" }, { "vulnerable": true, "criteria": "cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*", "matchCriteriaId": "E30D0E6F-4AE8-4284-8716-991DFA48CC5D" }, { "vulnerable": true, "criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943" } ] } ] } ], "references": [ { "url": "http://www.openwall.com/lists/oss-security/2022/09/21/1", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "http://www.openwall.com/lists/oss-security/2022/09/21/4", "source": "secalert@redhat.com", "tags": [ "Mailing List", "Third Party Advisory" ] }, { "url": "https://access.redhat.com/security/cve/CVE-2020-10735", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1834423", "source": "secalert@redhat.com", "tags": [ "Issue Tracking", "Third Party Advisory" ] }, { "url": "https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y", "source": "secalert@redhat.com", "tags": [ "Third Party Advisory" ] }, { "url": "https://github.com/python/cpython/issues/95778", "source": "secalert@redhat.com", "tags": [ "Patch", "Third Party Advisory" ] }, { "url": "https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/", "source": "secalert@redhat.com" }, { "url": "https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/", "source": "secalert@redhat.com" } ] }