CVE-2020-10735

Advisory lineage Upstream: 0 Downstream: 27
Modified
Published: 09 Sept 2022, 00:00
Last modified: 03 Nov 2025, 21:44

Vulnerability Summary

  • Overall Risk (default): medium, 30/100
  • CVSS Score: 7.5 HIGH, v3.1 (nvd)
  • EPSS Score: 0.38% LOW, 0% probability +0.07%
  • KEV: Not listed
  • Ransomware: No reports
  • Public exploits: None found
  • Dark Web: Not detected

Timeline

  • 09 Sept 2022, 00:00: Published (vulnerability first disclosed)
  • 03 Nov 2025, 21:44: Last Modified (vulnerability information updated)

Description

A flaw was found in Python. Converting a string to an integer with int("text") in a non-binary base uses an algorithm with quadratic time complexity, so a system could take 50 ms to parse an int string with 100,000 digits and 5 s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
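As a mitigation sketch for the conversion described above (an added example, not code from the advisory or from CPython): an application-side guard that bounds the digit count of untrusted text before int() runs, plus a check for the interpreter-level limit that fixed releases expose through sys.get_int_max_str_digits(). The names parse_int_bounded, interpreter_limit and MAX_DIGITS are hypothetical, and the 4300-digit limit is an assumed application policy.

```python
import sys

# Assumed application policy: maximum digits accepted from untrusted input.
MAX_DIGITS = 4300

# Bases the advisory lists as unaffected by the quadratic conversion.
BINARY_BASES = {2, 4, 8, 16, 32}


def parse_int_bounded(text: str, base: int = 10, max_digits: int = MAX_DIGITS) -> int:
    """Parse an integer from untrusted text, rejecting oversized input
    before the quadratic-time conversion can start."""
    if base not in BINARY_BASES:
        # Linear-time pre-check. Only digit characters count, so a sign,
        # surrounding whitespace or underscores do not use up the budget.
        digits = sum(ch.isalnum() for ch in text)
        if digits > max_digits:
            raise ValueError(
                f"integer string has {digits} digits, limit is {max_digits}"
            )
    return int(text, base)


def interpreter_limit():
    """Return the interpreter's own digit limit, or None when this build
    has no such setting. A value of 0 means the limit is disabled."""
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter is not None else None


if __name__ == "__main__":
    print("interpreter limit:", interpreter_limit())
    print(parse_int_bounded("-1_000"))
    try:
        parse_int_bounded("9" * 100_000)  # constructed oversized input
    except ValueError as exc:
        print("rejected:", exc)
```

A return value of None or 0 from interpreter_limit() means the application-side guard is the only bound on decimal parsing in that process.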

CVSS Metrics

  • v3.1 | HIGH | Score: 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

EPSS Trends

Current EPSS score: 0.38% Percentile: 60%

Techniques & Countermeasures

  • CWE-704: Incorrect Type Conversion or Cast

    The product does not correctly convert an object, resource, or structure from one type to a different type.

Affected Systems

  • fedoraproject / fedora

    35 | 36 | 37

  • python / python

    ≥ 3.7.0, < 3.7.14 | ≥ 3.8.0, < 3.8.14 | ≥ 3.9.0, < 3.9.14 | ≥ 3.10.0, < 3.10.7 | 3.11.0:alpha1 | 3.11.0:alpha2 | 3.11.0:alpha3 | 3.11.0:alpha4 | 3.11.0:alpha5 | 3.11.0:alpha6 | 3.11.0:alpha7 | 3.11.0:beta1 | 3.11.0:beta2 | 3.11.0:beta3 | 3.11.0:beta4 | 3.11.0:beta5 | 3.11.0:rc1

  • redhat / enterprise_linux

    8.0

  • redhat / quay

    3.0.0

  • redhat / software_collections

    na
