Cyber Resilience

CVE-2020-10735

High

Published: 09 September 2022

Modified: 03 November 2025
KEV Added
Patch
CVSS Score v3.1: 7.5 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H)
EPSS Score: 0.0038 (60.1th percentile)
Risk Priority: 15 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2020-10735 is a high-severity Incorrect Type Conversion or Cast (CWE-704) vulnerability in Python. Its CVSS base score is 7.5 (High).

Operationally, it is ranked in the top 39.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

EU & UK References

Vulnerability details

A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability.

CWE(s)

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Affected Assets

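Vendor: python · Product: python · Versions: 3.11.0, 3.7.0 — 3.7.14, 3.8.0 — 3.8.14, 3.9.0 — 3.9.14
Vendor: redhat · Product: quay · Versions: 3.0.0
Vendor: redhat · Product: software collections · Versions: all versions
Vendor: fedoraproject · Product: fedora · Versions: 35, 36, 37
Vendor: redhat · Product: enterprise linux · Versions: 8.0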

Mitigating Controls

No mitigating controls mapped yet. The per-CVE control annotator has not reached this CVE.

References