Vulnerabilities > CVE-2020-10735 - Incorrect Type Conversion or Cast vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
HIGH
network
low complexity
python
redhat
fedoraproject
CWE-704
NVD
Published: 2022-09-09
Updated: 2023-06-30

Summary

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Vulnerable Configurations

Part Description Count
Application
Python
140
Application
Redhat
2
OS
Redhat
1
OS
Fedoraproject
3

Common Weakness Enumeration (CWE)

References