CVE-2020-10735 Information

Description

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases when using int( ext) a system could take 50ms to parse an int string with 100000 digits and 5s for 1000000 digits (float decimal int.from_bytes() and int() for binary bases 2 4 8 16 and 32 are not affected). The highest threat from this vulnerability is to system availability.

Reference

https://access.redhat.com/security/cve/CVE-2020-10735 https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y https://bugzilla.redhat.com/show_bug.cgi?id=1834423 https://github.com/python/cpython/issues/95778