CVE-2020-10735

ADVISORY - nist

Summary

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

EPSS Score⁠: 0.00288 (0.519)

Common Weakness Enumeration (CWE)

ADVISORY - nist

CWE-704⁠

Incorrect Type Conversion or Cast

ADVISORY - redhat

CWE-400⁠

Uncontrolled Resource Consumption

CWE-704⁠

Incorrect Type Conversion or Cast

Impacted images

Advisories

Sign in to Docker Scout

See which of your images are affected by this CVE and how to fix them by signing into Docker Scout.