Уязвимость CVE-2020-10735: Информация

Описание

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Важность: HIGH (7,5) Вектор: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2020-10735
Опубликовано: 9 сентября 2022 г.
Изменено: 1 июля 2023 г.
Идентификатор типа ошибки: CWE-704

Исправленные пакеты

Имя пакета
Ветка
Исправлено в версии
Версия в репозитории
Errata ID
№ Задания
Состояние
MySQLsisyphus8.0.32-alt18.0.36-alt1ALT-PU-2023-7318-2334616Исправлено
MySQLsisyphus_e2k8.0.35-alt1.18.0.36-alt1ALT-PU-2023-7453-1-Исправлено
MySQLp108.0.35-alt1.18.0.36-alt1ALT-PU-2023-7463-2334633Исправлено
MySQLp10_e2k8.0.35-alt1.18.0.36-alt1ALT-PU-2023-7717-1-Исправлено
MySQLc10f18.0.35-alt1.18.0.36-alt1ALT-PU-2023-7888-3335803Исправлено
MySQLc9f28.0.35-alt1.0.c9.18.0.36-alt0.c9.1ALT-PU-2023-7647-3335317Исправлено
python3sisyphus3.10.7-alt13.12.2-alt1ALT-PU-2022-2599-1306631Исправлено
python3sisyphus_e2k3.10.7-alt13.12.2-alt1ALT-PU-2022-6146-1-Исправлено
python3sisyphus_riscv643.10.7-alt13.12.2-alt1ALT-PU-2022-6157-1-Исправлено
python3p103.9.16-alt13.9.18-alt1ALT-PU-2023-1518-1317117Исправлено
python3p10_e2k3.9.16-alt13.9.18-alt1ALT-PU-2023-3007-1-Исправлено
python3p93.7.17-alt13.7.17-alt1ALT-PU-2024-2598-2340935Исправлено
python3c10f13.9.16-alt13.9.18-alt0.c10f1.1ALT-PU-2023-1518-1317117Исправлено
python3c9f23.7.17-alt13.7.17-alt1ALT-PU-2024-3474-2342077Исправлено

Ссылки на рекомендации, решения и инструменты

Ссылка
Ресурс
https://access.redhat.com/security/cve/CVE-2020-10735
  • Third Party Advisory
https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y
  • Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=1834423
  • Issue Tracking
  • Third Party Advisory
https://github.com/python/cpython/issues/95778
  • Patch
  • Third Party Advisory
[oss-security] 20220921 big ints in python: CVE-2020-10735
  • Third Party Advisory
[oss-security] 20220921 Re: big ints in python: CVE-2020-10735
  • Mailing List
  • Third Party Advisory
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OKYE2DOI2X7WZXAWTQJZAXYIWM37HDCY/
    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HSRPVJZL6DJFWKYRHMNJB7VCEUCBKRF5/
      https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/ZEOAJWGGY55QU35UM2OVZATBW5MX2OZD/
        https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/UBPDVCDIUCEBE7C4NAGNA2KQJYOTPBAZ/
          https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2VCU6EVQDIXNCEDJUCTFIER2WVNNDTYZ/
            https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/32AAQKABEKFCB5DDV5OONRZK6BS23HPW/
              https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/PD7FTLJOIGMUSCDR3JAN6WRFHJEE4PH5/
                https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TD7JDDKJXK6D26XAN3YRFNM2LAJHT5UO/
                  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/76YE7AM37MRU76XJV4M27CWDAMUGNRYK/
                    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/IFGV7P2PYFBMK32OKHCAC2ZPJQV5AUDF/
                      https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/WXF6MQ74HVIDDSR5AE2UDR24I6D4FEPC/
                        https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5WQB7Z3CXOWVBD2AFAHYPA5ONYFFZ4/
                          https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/NHC6IUU7CLRQ3QLPWUXLONSG3SXFTR47/
                            https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OT5U223OE5ZOUHZAZYSYSWVJQIKDE73E/
                              https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/
                                https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6XL6E5A3I36TRR73VNBOXNIQP4AMZDFZ/
                                  https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/U4ZZV4CDFRMTPDBI7C5L43RFL3XLIGUY/
                                    https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/V7ZUJDHK7KNG6SLIFXW7MNZ6O2PUJYK6/
                                      https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TMWPRAAJS7I6U3U45V7GZVXWNSECI22M/
                                        https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/SZYJSGLSCQOKXXFVJVJQAXLEOJBIWGEL/
                                          https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html

                                              1. Конфигурация 1

                                                cpe:2.3:a:python:python:3.11.0:alpha2:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:alpha3:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:alpha4:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:alpha5:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:alpha6:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:alpha1:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
                                                Start including
                                                3.7.0
                                                End excliding
                                                3.7.14
                                                cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
                                                Start including
                                                3.8.0
                                                End excliding
                                                3.8.14
                                                cpe:2.3:a:python:python:3.11.0:beta2:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:beta3:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:beta4:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:rc1:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
                                                Start including
                                                3.10.0
                                                End excliding
                                                3.10.7
                                                cpe:2.3:a:python:python:*:*:*:*:*:*:*:*
                                                Start including
                                                3.9.0
                                                End excliding
                                                3.9.14
                                                cpe:2.3:a:python:python:3.11.0:alpha7:*:*:*:*:*:*
                                                cpe:2.3:a:python:python:3.11.0:beta1:*:*:*:*:*:*

                                                Конфигурация 2

                                                cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*
                                                cpe:2.3:a:redhat:software_collections:-:*:*:*:*:*:*:*
                                                cpe:2.3:a:redhat:quay:3.0.0:*:*:*:*:*:*:*
                                                cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
                                                cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*
                                                cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*
                                            VKontakte|Telegram|YouTube|Forum|GitHub|Bugzilla
                                            Версия: v24.5.0
                                            Наверх