Bug 1834423 (CVE-2020-10735)
| Summary: | CVE-2020-10735 python: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS | ||
|---|---|---|---|
| Product: | [Other] Security Response | Reporter: | msiddiqu |
| Component: | vulnerability | Assignee: | Red Hat Product Security <security-response-team> |
| Status: | CLOSED ERRATA | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | ||
| Version: | unspecified | CC: | adev88, bdettelb, carl, cheimes, cstratak, dbaker, dmalcolm, extras-orphan, gilbertl, hhorak, huzaifas, jeffrey.ness, jorton, kaycoth, kyoshida, manisandro, m.cyprian, mhroncok, pviktori, python-maint, python-sig, rkuska, security-response-team, shcherbina.iryna, sisharma, slavek.kabrda, thrnciar, TicoTimo, tomckay, torsava, vstinner |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | Doc Type: | If docs needed, set a value | |
| Doc Text: |
A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.
|
Story Points: | --- |
| Clone Of: | Environment: | ||
| Last Closed: | 2023-05-16 16:49:25 UTC | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
| Bug Depends On: | 1847912, 1896277, 1896278, 1896279, 1896280, 1896281, 1896282, 2124160, 2124161, 2124162, 2124163, 2125239, 2126379, 2126453, 2126454, 2126455, 2158478 | ||
| Bug Blocks: | 1832782, 2124170 | ||
Upstream Python is going to provide fixes for all supported Python versions (3.5, 3.6, 3.7, 3.8, 3.9-dev). Created mingw-python3 tracking bugs for this issue: Affects: fedora-all [bug 2124161] Created python34 tracking bugs for this issue: Affects: epel-all [bug 2124160] Created python34 tracking bugs for this issue: Affects: fedora-all [bug 2124162] Created python35 tracking bugs for this issue: Affects: fedora-all [bug 2124163] (In reply to Sandipan Roy from comment #13) > Created python34 tracking bugs for this issue: > > Affects: fedora-all [bug 2124162] > > > Created python35 tracking bugs for this issue: > > Affects: fedora-all [bug 2124163] Both of the packages are retired in Fedora for many releases :/ FEDORA-2022-4b31e33ed0 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-46a44a7f83 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-b01214472e has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-f330bbfda2 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-6d57598a23 has been pushed to the Fedora 37 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-8535093cba has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-0b3904c674 has been pushed to the Fedora 36 stable repository. If problem still persists, please make note of it in this bug report. FEDORA-2022-ac82a548df has been pushed to the Fedora 35 stable repository. If problem still persists, please make note of it in this bug report. This issue has been addressed in the following products: Red Hat Software Collections for Red Hat Enterprise Linux 7 Via RHSA-2022:6766 https://access.redhat.com/errata/RHSA-2022:6766 This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2022:7323 https://access.redhat.com/errata/RHSA-2022:7323 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:0833 https://access.redhat.com/errata/RHSA-2023:0833 Hi Team, RHSA-2023:0833 only provides fix for python3.6 on RHEL8, is there any plan for python3.8/3.9 fixes? If yes, any expected timeframe? Thanks. In reply to comment #32: > Hi Team, > > RHSA-2023:0833 only provides fix for python3.6 on RHEL8, is there any plan > for python3.8/3.9 fixes? If yes, any expected timeframe? > > Thanks. Unfortunately, the timeframe cannot be stated, however it is scheduled to be public upon the upcoming release of RHEL-8.8.0.GA This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2763 https://access.redhat.com/errata/RHSA-2023:2763 This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:2764 https://access.redhat.com/errata/RHSA-2023:2764 This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2020-10735 This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:0430 https://access.redhat.com/errata/RHSA-2024:0430 |
A vulnerability was found in PyLong_FromString() in Python, which is used by int("text"). For non-binary bases it uses an algorithm with quadratic time complexity to convert a string into an arbitrary precision number. It takes about 50ms to parse an int string with 100,000 digits and about 5sec for 1,000,000 digits. The float type, decimal type, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected.