Bug 1203125 - (CVE-2020-10735) VUL-0: CVE-2020-10735: python27,python,python310,python3,python39,python36: int() type in PyLong_FromString() does not limit amount of digits converting text to int leading to DoS
Status: RESOLVED FIXED
Classification: Novell Products
Product: SUSE Security Incidents
Component: Incidents
Version: unspecified
Hardware: Other
OS: Other
Priority: P3 - Medium
Severity: Major
Target Milestone: ---
Assigned To: Security Team bot
https://smash.suse.de/issue/341485/
CVSSv3.1:SUSE:CVE-2020-10735:7.5:(AV:...
Depends on:
Blocks:
Reported: 2022-09-05 14:03 UTC by Thomas Leroy
Modified: 2023-01-02 19:08 UTC (History)

See Also:
Found By: Security Response Team
Services Priority:
Business Priority:
Blocker: ---
Marketing QA Status: ---
IT Deployment: ---


Description Thomas Leroy 2022-09-05 14:03:00 UTC
rh#1834423

A vulnerability was found in PyLong_FromString() in Python, which is used by int("text"). For non-binary bases it uses an algorithm with quadratic time complexity to convert a string into an arbitrary precision number. It takes about 50ms to parse an int string with 100,000 digits and about 5sec for 1,000,000 digits. The float type, decimal type, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected.

Upstream issue:
https://github.com/python/cpython/issues/95778

References:
https://bugzilla.redhat.com/show_bug.cgi?id=1834423
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2020-10735
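The description above explains the root cause (quadratic-time conversion for non-power-of-two bases) but not what a defender can do on a host whose interpreter has not yet received the update. The block below is an added example, not code from this bug report, from the Red Hat report, or from the upstream fix. It does what the upstream fix does, in user code: it counts the digits of untrusted text in one linear pass and refuses anything over a limit before `int()` is ever called, passing power-of-two bases straight through because the report says they are unaffected. The constant `DEFAULT_MAX_STR_DIGITS = 4300` mirrors the default limit the upstream fix introduced; `sys.get_int_max_str_digits()`, the `-X int_max_str_digits` option and `PYTHONINTMAXSTRDIGITS` are the real interfaces of that fix and only exist on interpreters that carry it. The function names `digit_count`, `safe_int`, `interpreter_limit` and `limit_is_enforced` are this example's own.

```python
"""Defensive handling of CVE-2020-10735: bound the number of digits before
calling int() on untrusted text, and probe whether the running interpreter
already enforces such a bound.

Added example; not code from the bug report or the upstream fix.
"""
import sys

# Default limit chosen by the upstream fix (the sys.set_int_max_str_digits() default).
# Hard-coded here so the wrapper also protects interpreters that predate the fix.
DEFAULT_MAX_STR_DIGITS = 4300

# Bases whose conversion is linear-time and therefore unaffected, per the report.
POWER_OF_TWO_BASES = frozenset({2, 4, 8, 16, 32})


def digit_count(text: str, base: int) -> int:
    """Count the digit characters int() would actually have to process.

    Whitespace, a leading sign, digit-group underscores and a 0x/0o/0b
    prefix (accepted for bases 0, 2, 8 and 16) are not digits and are not counted.
    """
    body = text.strip().lstrip("+-")
    if base in (0, 2, 8, 16) and len(body) > 1 and body[0] == "0" and body[1] in "xXoObB":
        body = body[2:]
    return sum(1 for ch in body if ch != "_")


def safe_int(text: str, base: int = 10, max_digits: int = DEFAULT_MAX_STR_DIGITS) -> int:
    """Behave like int(text, base), but refuse over-long strings in quadratic-time bases.

    The check is one linear pass over the input, so a hostile million-digit
    string is rejected immediately instead of being parsed for seconds.
    Power-of-two bases are passed straight through, as the report says they
    are not affected. Base 0 (prefix-driven) is bounded because the base is
    not known until parsing.
    """
    if base not in POWER_OF_TWO_BASES:
        digits = digit_count(text, base)
        if digits > max_digits:
            raise ValueError(
                f"Exceeds the limit ({max_digits} digits) for integer string "
                f"conversion: value has {digits} digits"
            )
    return int(text, base)


def interpreter_limit():
    """Return the interpreter's own conversion limit, or None where the fix is absent.

    sys.get_int_max_str_digits() exists only on interpreters carrying the fix.
    A return value of 0 means the limit has been disabled.
    """
    getter = getattr(sys, "get_int_max_str_digits", None)
    return getter() if getter is not None else None


def limit_is_enforced() -> bool:
    """Behavioural probe: does plain int() reject a string one digit over the upstream default?

    Unlike interpreter_limit(), this also notices a fix that is present but
    switched off (for example via -X int_max_str_digits=0 or PYTHONINTMAXSTRDIGITS=0).
    """
    try:
        int("1" * (DEFAULT_MAX_STR_DIGITS + 1))
    except ValueError:
        return True
    return False


if __name__ == "__main__":
    print("interpreter limit:", interpreter_limit(), "enforced:", limit_is_enforced())
    print(safe_int(" -1_234 "), safe_int("0xff", 16), safe_int("7" * 40, 8))
    try:
        safe_int("9" * (DEFAULT_MAX_STR_DIGITS + 1))
    except ValueError as exc:
        print("rejected:", exc)
```

On an interpreter that already carries the fix, `safe_int` is redundant for the default limit but still useful where a service wants a tighter bound than 4300 digits for a particular input field; `limit_is_enforced()` is the quick check to run on a fleet when deciding whether the packages listed in the comments below have actually landed.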
Comment 1 Thomas Leroy 2022-09-05 14:05:53 UTC
Every maintained codestream is affected:
- SUSE:SLE-11-SP1:Update/python
- SUSE:SLE-12-SP1:Update/python
- SUSE:SLE-12-SP4:Update/python
- SUSE:SLE-15:Update/python
- SUSE:SLE-11-SP1:Update:Teradata/python27
- SUSE:SLE-12:Update/python3
- SUSE:SLE-15:Update/python3
- SUSE:SLE-15-SP3:Update/python3
- SUSE:SLE-15-SP4:Update/python310
- SUSE:SLE-12-SP3:Update:Products:Teradata:Update/python36
- SUSE:SLE-12-SP5:Update/python36
- SUSE:SLE-15-SP3:Update/python39
Comment 2 OBSbugzilla Bot 2022-09-11 11:05:06 UTC
This is an autogenerated message for OBS integration:
This bug (1203125) was mentioned in
https://build.opensuse.org/request/show/1002501 Factory / python38
Comment 3 OBSbugzilla Bot 2022-09-11 13:55:03 UTC
This is an autogenerated message for OBS integration:
This bug (1203125) was mentioned in
https://build.opensuse.org/request/show/1002508 Factory / python310
Comment 4 OBSbugzilla Bot 2022-09-12 18:25:03 UTC
This is an autogenerated message for OBS integration:
This bug (1203125) was mentioned in
https://build.opensuse.org/request/show/1003029 Factory / python39
Comment 7 Swamp Workflow Management 2022-09-30 13:20:38 UTC
SUSE-SU-2022:3473-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1202624,1203125
CVE References: CVE-2020-10735,CVE-2021-28861
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python310-3.10.7-150400.4.10.1, python310-core-3.10.7-150400.4.10.1, python310-documentation-3.10.7-150400.4.10.1
SUSE Linux Enterprise Module for Python3 15-SP4 (src):    python310-3.10.7-150400.4.10.1, python310-core-3.10.7-150400.4.10.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 8 Swamp Workflow Management 2022-10-01 13:20:49 UTC
SUSE-SU-2022:3485-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1202624,1203125
CVE References: CVE-2020-10735,CVE-2021-28861
JIRA References: 
Sources used:
openSUSE Leap 15.4 (src):    python39-3.9.14-150300.4.16.1, python39-core-3.9.14-150300.4.16.1, python39-documentation-3.9.14-150300.4.16.1
openSUSE Leap 15.3 (src):    python39-3.9.14-150300.4.16.1, python39-core-3.9.14-150300.4.16.1, python39-documentation-3.9.14-150300.4.16.1
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    python39-core-3.9.14-150300.4.16.1
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python39-3.9.14-150300.4.16.1, python39-core-3.9.14-150300.4.16.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 18 Matej Cepl 2022-11-01 22:20:36 UTC
https://build.suse.de/request/show/283555 for Python 3.4 on SLE-12

Suggesting WONTFIX for Python 2.* as the patch would require a very substantial port to the very different codebase.
Comment 20 Thomas Leroy 2022-11-04 08:52:16 UTC
(In reply to Matej Cepl from comment #18)
> https://build.suse.de/request/show/283555 for Python 3.4 on SLE-12
> 
> Suggesting WONTFIX for Python 2.* as the patch would require a very
> substantial port to the very different codebase.

(In reply to Thomas Leroy from comment #1)
> Every maintained codestream is affected:
> - SUSE:SLE-11-SP1:Update/python
> - SUSE:SLE-12-SP1:Update/python
> - SUSE:SLE-12-SP4:Update/python
> - SUSE:SLE-15:Update/python
> - SUSE:SLE-11-SP1:Update:Teradata/python27

Agreed with the security team that these python2 packages will not be fixed.
Comment 21 Swamp Workflow Management 2022-11-09 17:23:10 UTC
SUSE-SU-2022:3924-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203125,1204577
CVE References: CVE-2020-10735,CVE-2022-37454
JIRA References: 
Sources used:
SUSE Manager Server 4.1 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Manager Retail Branch Server 4.1 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Manager Proxy 4.1 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server for SAP 15-SP2 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server for SAP 15-SP1 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server for SAP 15 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server 15-SP2-LTSS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server 15-SP2-BCL (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server 15-SP1-LTSS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server 15-SP1-BCL (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Server 15-LTSS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise Micro 5.1 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise High Performance Computing 15-SP2-LTSS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise High Performance Computing 15-SP2-ESPOS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise High Performance Computing 15-SP1-LTSS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise High Performance Computing 15-SP1-ESPOS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise High Performance Computing 15-LTSS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Linux Enterprise High Performance Computing 15-ESPOS (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Enterprise Storage 7 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE Enterprise Storage 6 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1
SUSE CaaS Platform 4.0 (src):    python3-3.6.15-150000.3.116.1, python3-core-3.6.15-150000.3.116.1

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 25 Swamp Workflow Management 2022-11-28 14:29:39 UTC
SUSE-SU-2022:4251-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203125,1205244
CVE References: CVE-2020-10735,CVE-2022-45061
JIRA References: 
Sources used:
SUSE OpenStack Cloud Crowbar 9 (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE OpenStack Cloud 9 (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server for SAP 12-SP4 (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP5 (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP4-LTSS (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP3-BCL (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Server 12-SP2-BCL (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2
SUSE Linux Enterprise Module for Web Scripting 12 (src):    python3-3.4.10-25.102.2, python3-base-3.4.10-25.102.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 26 Swamp Workflow Management 2022-11-29 17:28:06 UTC
SUSE-SU-2022:4274-1: An update that fixes two vulnerabilities is now available.

Category: security (important)
Bug References: 1203125,1204577
CVE References: CVE-2020-10735,CVE-2022-37454
JIRA References: 
Sources used:
SUSE Linux Enterprise Software Development Kit 12-SP5 (src):    python36-core-3.6.15-32.2
SUSE Linux Enterprise Server 12-SP5 (src):    python36-3.6.15-32.2, python36-core-3.6.15-32.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
Comment 27 Swamp Workflow Management 2022-11-29 17:51:17 UTC
SUSE-SU-2022:4281-1: An update that fixes four vulnerabilities is now available.

Category: security (important)
Bug References: 1188607,1203125,1204577
CVE References: CVE-2019-18348,CVE-2020-10735,CVE-2020-8492,CVE-2022-37454
JIRA References: 
Sources used:
openSUSE Leap Micro 5.3 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2
openSUSE Leap Micro 5.2 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2
openSUSE Leap 15.4 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2, python3-documentation-3.6.15-150300.10.37.1
openSUSE Leap 15.3 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2, python3-documentation-3.6.15-150300.10.37.1
SUSE Linux Enterprise Module for Development Tools 15-SP4 (src):    python3-core-3.6.15-150300.10.37.2
SUSE Linux Enterprise Module for Development Tools 15-SP3 (src):    python3-core-3.6.15-150300.10.37.2
SUSE Linux Enterprise Module for Basesystem 15-SP4 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2
SUSE Linux Enterprise Module for Basesystem 15-SP3 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2
SUSE Linux Enterprise Micro 5.3 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2
SUSE Linux Enterprise Micro 5.2 (src):    python3-3.6.15-150300.10.37.2, python3-core-3.6.15-150300.10.37.2

NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.