PT-2022-4709 · Python+10
Published: 2022-09-02 · Updated: 2025-11-26
CVE-2020-10735
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
Python (affected versions not specified)
Description
A flaw was found in Python related to errors in converting data types between int and str. This issue is associated with algorithms that have quadratic time complexity and use non-binary bases. When using int("text"), a system could take a significant amount of time to parse an int string, for example, 50 ms for a string with 100,000 digits and 5 s for a string with 1,000,000 digits. The float, decimal, int.from_bytes(), and int() functions for binary bases 2, 4, 8, 16, and 32 are not affected. This vulnerability poses the highest threat to system availability, as it could allow an attacker to cause a denial of service by consuming all available resources.
Recommendations
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
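An application-level guard for the conversion described above, as an added example that is not part of the original advisory: it caps the digit count of untrusted input before int() runs and skips the cap for the power-of-two bases the description lists as unaffected. The names parse_untrusted_int, count_digits and IntegerTooLong and the 4300-digit cap are assumptions chosen for illustration.

```python
# Added example: application-level guard for CVE-2020-10735 (not the advisory's code).

# Assumption: illustrative cap; set it to the largest integer the application accepts.
MAX_DIGITS = 4300

# Bases the description lists as unaffected by the quadratic conversion.
POWER_OF_TWO_BASES = frozenset({2, 4, 8, 16, 32})


class IntegerTooLong(ValueError):
    """Untrusted input has more digits than the configured cap."""


def count_digits(text):
    """Count digit characters, ignoring surrounding whitespace, sign and underscores."""
    body = text.strip()
    if body[:1] in ("+", "-"):
        body = body[1:]
    return len(body) - body.count("_")


def parse_untrusted_int(text, base=10, max_digits=MAX_DIGITS):
    """Parse attacker-controlled text, refusing long input before int() runs."""
    if not isinstance(text, str):
        raise TypeError("text must be str")
    if base not in POWER_OF_TWO_BASES:
        # Counting is linear in the input length; only the conversion is quadratic.
        digits = count_digits(text)
        if digits > max_digits:
            raise IntegerTooLong(
                f"{digits} digits exceeds cap of {max_digits} for base {base}"
            )
    return int(text, base)


if __name__ == "__main__":
    hostile = "9" * 1_000_000  # constructed input, the size the description times at 5 s
    try:
        parse_untrusted_int(hostile)
    except IntegerTooLong as exc:
        print("rejected:", exc)
    print(parse_untrusted_int("ff" * 8, base=16))
```

Because IntegerTooLong subclasses ValueError, existing handlers for malformed numbers also catch the rejection.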
DoS
Incorrect Type Conversion or Cast
Related Identifiers
Affected Products
ALT Linux
AlmaLinux
Astra Linux
CentOS
Debian
IBM AIX
Python
Red Hat
RED OS
Rocky Linux
SUSE