Python Vulnerability in Integer Parsing Affects Performance
CVE-2020-10735

7.5 HIGH

Key Information:

Vendor: Python
Status: Vendor
CVE Published: 9 September 2022

Summary

A performance flaw in Python's integer parsing can cause significant delays when processing large non-binary integer strings. The conversion runs in quadratic time, so parsing an integer of 1,000,000 digits can take up to 5 seconds, which severely affects overall system availability and performance. The issue primarily impacts applications that rely on the int() function to convert long numeric strings, and it highlights the need to optimize the handling of large inputs.
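An added example, not part of the original advisory or of CPython: one way an application can bound the cost described above is to reject oversized digit strings before they reach int(). The names parse_bounded_int and IntegerTooLong and the 1,000-digit cap are assumptions of this example; bases 2, 4, 8, 16 and 32 are exempted because CPython parses them in linear time.

```python
"""Bound digit count before int() (added example; names and cap are assumptions)."""

# Power-of-two bases are parsed in linear time by CPython, so they are exempt.
LINEAR_BASES = frozenset({2, 4, 8, 16, 32})
MAX_DIGITS = 1000  # assumed cap; size it to the largest legitimate value


class IntegerTooLong(ValueError):
    """Raised instead of attempting a slow conversion."""


def parse_bounded_int(text, base=10, max_digits=MAX_DIGITS):
    """Convert text to int, refusing oversized input before int() sees it."""
    if not isinstance(text, str):
        raise TypeError("expected str, got %s" % type(text).__name__)
    if base not in LINEAR_BASES:
        # Linear-time upper bound on the digit count: sign, whitespace and
        # underscores are ignored, while a prefix such as "0o" is over-counted,
        # which only makes the check stricter. base=0 is treated as affected
        # because the prefix may select decimal.
        digits = sum(1 for ch in text if ch.isalnum())
        if digits > max_digits:
            raise IntegerTooLong(
                "refusing %d-digit integer (limit %d)" % (digits, max_digits))
    return int(text, base)


if __name__ == "__main__":
    # Constructed inputs: an ordinary value, a 1,000,000-digit decimal string
    # as in the summary, and a long hexadecimal string.
    samples = [("  -1_000  ", 10), ("9" * 1_000_000, 10), ("f" * 5000, 16)]
    for text, base in samples:
        try:
            value = parse_bounded_int(text, base)
            print("base %d: accepted, %d bits" % (base, value.bit_length()))
        except IntegerTooLong as exc:
            print("base %d: rejected (%s)" % (base, exc))
```

Because IntegerTooLong subclasses ValueError, callers that already handle int() failures treat a rejected input as any other malformed number.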

Affected Version(s)

python python 3.7

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • Vulnerability published

  • Vulnerability Reserved
