{"id":"BIT-python-2020-10735","details":"A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int(\"text\"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.","aliases":["BIT-libpython-2020-10735","BIT-python-min-2020-10735","CVE-2020-10735","PSF-2022-4"],"modified":"2026-01-15T01:56:32.028832Z","published":"2024-03-06T11:08:16.884Z","database_specific":{"cpes":["cpe:2.3:a:python:python:*:*:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*","cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*"],"severity":"High"},"references":[{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/09/21/1"},{"type":"WEB","url":"http://www.openwall.com/lists/oss-security/2022/09/21/4"},{"type":"WEB","url":"https://access.redhat.com/security/cve/CVE-2020-10735"},{"type":"WEB","url":"https://bugzilla.redhat.com/show_bug.cgi?id=1834423"},{"type":"WEB","url":"https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y"},{"type":"WEB","url":"https://github.com/python/cpython/issues/95778"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/"},{"type":"WEB","url":"https://nvd.nist.gov/vuln/detail/CVE-2020-10735"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/11/msg00024.html"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2024/12/msg00000.html"}],"affected":[{"package":{"name":"python","ecosystem":"Bitnami","purl":"pkg:bitnami/python"},"ranges":[{"type":"SEMVER","events":[{"introduced":"3.7.0"},{"fixed":"3.7.14"},{"introduced":"3.8.0"},{"fixed":"3.8.14"},{"introduced":"3.9.0"},{"fixed":"3.9.14"},{"introduced":"3.10.0"},{"fixed":"3.10.7"}]}],"database_specific":{"source":"https://github.com/bitnami/vulndb/tree/main/data/python/BIT-python-2020-10735.json"},"severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}]}],"schema_version":"1.7.3"}