DEBIAN-CVE-2020-10735

DEBIAN-CVE-2020-10735 PUBLISHED CVSS 7.5 HIGH

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

Risk Scores

CVSS v3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

Vendor	Product	Versions
Debian:12	python3.11	0, 0, 0
Debian:11	pypy3	7.3.5+dfsg-2+deb11u1, 7.3.5+dfsg-2, 0
Debian:12	pypy3	0, 0, 0
Debian:14	pypy3	0, 0, 0
Debian:11	python2.7	2.7.18-12, 2.7.18-13, 2.7.18-13.1
Debian:11	python3.9	3.9.2-1, 0, *
Debian:13	pypy3	0, 0, 0

Timeline

Sep 9, 2022 CVE Published
Apr 28, 2026 CVE Updated

References

https://security-tracker.debian.org/tracker/CVE-2020-10735 advisory

Open in Interactive Console →