What is the severity of REDHAT-BUG-1834423?

The severity of REDHAT-BUG-1834423 is considered significant due to its impact on performance with large integer strings.

How do I fix REDHAT-BUG-1834423?

To fix REDHAT-BUG-1834423, update to the patched version of Python provided by your distribution.

What versions of Python are affected by REDHAT-BUG-1834423?

All versions of Python using the affected PyLong_FromString() function are susceptible to REDHAT-BUG-1834423.

What is the impact of REDHAT-BUG-1834423?

The impact of REDHAT-BUG-1834423 includes potential denial of service due to excessive parsing times for large integer strings.

Is REDHAT-BUG-1834423 a known vulnerability?

Yes, REDHAT-BUG-1834423 is a documented vulnerability that has been reported and tracked in various bug databases.

Vulnerability/
REDHAT-BUG-1834423

medium

11/5/2020

24/1/2024

REDHAT-BUG-1834423

First published: Mon May 11 2020(Updated: )

A vulnerability was found in PyLong_FromString() in Python, which is used by int("text"). For non-binary bases it uses an algorithm with quadratic time complexity to convert a string into an arbitrary precision number. It takes about 50ms to parse an int string with 100,000 digits and about 5sec for 1,000,000 digits. The float type, decimal type, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected.

Affected Software	Affected Version	How to fix
CPython

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of REDHAT-BUG-1834423?
The severity of REDHAT-BUG-1834423 is considered significant due to its impact on performance with large integer strings.
How do I fix REDHAT-BUG-1834423?
To fix REDHAT-BUG-1834423, update to the patched version of Python provided by your distribution.
What versions of Python are affected by REDHAT-BUG-1834423?
All versions of Python using the affected PyLong_FromString() function are susceptible to REDHAT-BUG-1834423.
What is the impact of REDHAT-BUG-1834423?
The impact of REDHAT-BUG-1834423 includes potential denial of service due to excessive parsing times for large integer strings.
Is REDHAT-BUG-1834423 a known vulnerability?
Yes, REDHAT-BUG-1834423 is a documented vulnerability that has been reported and tracked in various bug databases.

agent/type
agent/first-publish-date
agent/severity
agent/description
agent/event
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2020-10735
agent/last-modified-date
agent/references
agent/source
agent/tags
agent/softwarecombine
agent/guess-ai
agent/software-canonical-lookup
agent/software-canonical-lookup-request
vendor/python software foundation
canonical/cpython

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co

By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.