Fluid Attacks Database

Description

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Mitigation

Update Impact

Minimal update. May introduce new vulnerabilities or breaking changes.

Ecosystem	Package	Affected version	Patched versions
debian 12	pypy3	>=0 <7.3.10+dfsg-1	7.3.10+dfsg-1
debian 11	python2.7	=2.7.18-10 \|\| =2.7.18-11 \|\| =2.7.18-12 \|\| =2.7.18-13 \|\| =2.7.18-13.1 \|\| =2.7.18-13.1~exp1 \|\| =2.7.18-13.2 \|\| =2.7.18-8 \|\| =2.7.18-8+deb11u1 \|\| =2.7.18-9	-
debian 13	pypy3	>=0 <7.3.10+dfsg-1	7.3.10+dfsg-1
debian 11	pypy3	=7.3.5+dfsg-2 \|\| =7.3.5+dfsg-2+deb11u1 \|\| =7.3.5+dfsg-2+deb11u2 \|\| =7.3.5+dfsg-2+deb11u3 \|\| >=0 <7.3.5+dfsg-2+deb11u4	7.3.5+dfsg-2+deb11u4
debian 14	pypy3	>=0 <7.3.10+dfsg-1	7.3.10+dfsg-1
debian 12	python3.11	>=0 <3.11.0~rc2-1	3.11.0~rc2-1
debian 11	python3.9	=3.9.2-1 \|\| =3.9.2-1+deb11u1 \|\| >=0 <3.9.2-1+deb11u2	3.9.2-1+deb11u2
rpm rhel7	python3	-	-
rpm rhel8	python2	-	-
rpm rhel5	python	-	-

1-10 of 19

Aliases

1. CVE-2020-107352. NVD-2020-107353. OSV-DEBIAN-2020-107354. OSV-2020-107355. SECURITY-TRACKER-CVE-2020-10735

Does your application use this vulnerable software?

During the free trial, our tools assess your application, identify vulnerabilities, and provide recommendations for their remediation.