Safety vulnerability ID: 50958
The information on this page was manually curated by our Cybersecurity Intelligence Team.
A flaw was found in Python. For non-binary bases, int("text") uses an algorithm with quadratic time complexity, so a system could take 50 ms to parse an int string with 100,000 digits and 5 s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
Latest version: 0.9.8
See CVE-2020-10735.
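One way an application can bound the parsing cost described above before calling int() on untrusted text, as an added example that is not part of the advisory or of CPython. The names safe_int, IntegerTooLong and parse_untrusted_fields, and the 4300-digit cap, are assumptions of this example.

```python
# Added example: length-check untrusted numeric strings before int().
# MAX_DIGITS is an assumed application limit; tune it to the largest
# integer the application legitimately needs to accept.
MAX_DIGITS = 4300

# Power-of-two bases the advisory lists as not affected.
UNAFFECTED_BASES = {2, 4, 8, 16, 32}


class IntegerTooLong(ValueError):
    """Raised when a digit string exceeds the configured cap."""


def safe_int(text, base=10, max_digits=MAX_DIGITS):
    """Parse text like int(text, base), refusing oversized input first."""
    if not isinstance(text, str):
        raise TypeError("safe_int expects a str")
    if base not in UNAFFECTED_BASES:
        # Count only digit characters so sign, surrounding whitespace and
        # underscore separators do not count against the cap. The count is
        # a single linear pass, unlike the conversion it protects.
        # base=0 (prefix-selected) is treated conservatively as affected.
        digits = sum(1 for ch in text if ch.isalnum())
        if digits > max_digits:
            raise IntegerTooLong(
                f"{digits} digits exceeds limit of {max_digits}")
    return int(text, base)


def parse_untrusted_fields(fields, max_digits=MAX_DIGITS):
    """Parse a mapping of untrusted strings; return (parsed, rejected)."""
    parsed, rejected = {}, {}
    for name, raw in fields.items():
        try:
            parsed[name] = safe_int(raw, 10, max_digits)
        except IntegerTooLong:
            rejected[name] = "too long"
        except ValueError:
            rejected[name] = "not an integer"
    return parsed, rejected


if __name__ == "__main__":
    # Constructed sample input: one normal value, one oversized, one invalid.
    sample = {"qty": "12", "offset": "9" * 100_000, "mask": "zz"}
    print(parse_untrusted_fields(sample))
```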
MISC: https://access.redhat.com/security/cve/CVE-2020-10735
MISC: https://bugzilla.redhat.com/show_bug.cgi?id=1834423
MISC: https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y
MISC: https://github.com/python/cpython/issues/95778