Python 代码问题漏洞（CVE-2020-10735）

admin

0
文章

0
评论

2023-11-30 06:07:02 Ali_nvd 来源：ZONE.CI 全球网 0 阅读模式

中危 Python 代码问题漏洞（CVE-2020-10735）

CVE编号

CVE-2020-10735

利用情况

暂无

补丁情况

官方补丁

披露时间

2022-09-09

漏洞描述

Python是Python基金会的一套开源的、面向对象的程序设计语言。该语言具有可扩展、支持模块和包、支持多种平台等特点。 Python 存在安全漏洞，攻击者利用该漏洞可以通过大整数转换触发 Python Core 的过载，以触发拒绝服务。

解决建议

目前厂商已发布升级补丁以修复漏洞，详情请关注厂商主页：https://www.python.org/

参考链接
http://www.openwall.com/lists/oss-security/2022/09/21/1
http://www.openwall.com/lists/oss-security/2022/09/21/4
https://access.redhat.com/security/cve/CVE-2020-10735
https://bugzilla.redhat.com/show_bug.cgi?id=1834423
https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y
https://github.com/python/cpython/issues/95778
https://lists.debian.org/debian-lts-announce/2023/06/msg00039.html
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedora...
https://lists.fedoraproject.org/archives/list/[email protected]...

受影响软件情况

1
#	类型	厂商	产品	版本	影响面
	运行在以下环境
	应用	python	python	3.7	-
	运行在以下环境
	应用	redhat	quay	3.0.0	-
	运行在以下环境
	应用	redhat	software_collections	-	-
	运行在以下环境
	系统	amazon_2	python3	*		Up to (excluding) 3.8.15-1.amzn2.0.1
	运行在以下环境
	系统	amazon_2022	python3.10	*		Up to (excluding) 3.10.8-1.amzn2022.0.1
	运行在以下环境
	系统	amazon_2023	python3.9	*		Up to (excluding) 3.9.16-1.amzn2023.0.3
	运行在以下环境
	系统	anolis_os_8	python3-idle	*		Up to (excluding) 1.7.1-4
	运行在以下环境
	系统	centos_8	platform-python-devel	*		Up to (excluding) 3.6.8-48.el8_7.1
	运行在以下环境
	系统	debian_10	python2.7	*		Up to (including) 2.7.16-2+deb10u1
	运行在以下环境
	系统	debian_11	python2.7	*		Up to (including) 2.7.18-8+deb11u1
	运行在以下环境
	系统	debian_12	python3.11	*		Up to (excluding) 3.11.0~rc2-1
	运行在以下环境
	系统	debian_sid	python3.10	*		Up to (excluding) 3.10.7-1
	运行在以下环境
	系统	fedora_35	python3.9-debugsource	*		Up to (excluding) 3.10.7-1.fc35
	运行在以下环境
	系统	fedora_36	python3.8-debuginfo	*		Up to (excluding) 3.10.7-1.fc36
	运行在以下环境
	系统	fedora_37	python3.8-debuginfo	*		Up to (excluding) 3.11.0~rc2-1.fc37
	运行在以下环境
	系统	fedora_38	python3.6	*		Up to (excluding) 3.6.15-13.fc38
	运行在以下环境
	系统	kylinos_aarch64_V10SP1	python3	*		Up to (excluding) 3.7.9-20.p04.se.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP2	python3	*		Up to (excluding) 3.7.9-20.p04.se.ky10
	运行在以下环境
	系统	kylinos_aarch64_V10SP3	python3	*		Up to (excluding) 3.7.9-18.se.04.p01.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP1	python3	*		Up to (excluding) 3.7.9-7.p10.se.a.ky10
	运行在以下环境
	系统	kylinos_loongarch64_V10SP3	python3	*		Up to (excluding) 3.7.9-18.se.03.p05.a.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP1	python3	*		Up to (excluding) 3.7.9-20.p04.se.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP2	python3	*		Up to (excluding) 3.7.9-20.p05.se.ky10
	运行在以下环境
	系统	kylinos_x86_64_V10SP3	python3	*		Up to (excluding) 3.7.9-18.se.04.p01.ky10
	运行在以下环境
	系统	opensuse_5.2	libpython3_6m1_0	*		Up to (excluding) 3.6.15-150300.10.37.2
	运行在以下环境
	系统	opensuse_5.3	libpython3_6m1_0	*		Up to (excluding) 3.6.15-150300.10.37.2
	运行在以下环境
	系统	opensuse_Leap_15.3	python3-tools	*		Up to (excluding) 3.9.14-150300.4.16.1
	运行在以下环境
	系统	opensuse_Leap_15.4	python3-tools	*		Up to (excluding) 3.10.7-150400.4.10.1
	运行在以下环境
	系统	oracle_8	oraclelinux-release	*		Up to (excluding) 3.8.16-1.module+el8.8.0+21001+646f3fba
	运行在以下环境
	系统	oracle_9	oraclelinux-release	*		Up to (excluding) 3.9.10-3.el9_0
	运行在以下环境
	系统	redhat_8	platform-python-devel	*		Up to (excluding) 3.6.8-48.el8_7.1
	运行在以下环境
系统	redhat_9	python3.9-debugsource	*		Up to (excluding) 3.9.10-3.el9_0
运行在以下环境
系统	suse_12_SP5	python36	*		Up to (excluding) 3.4.10-25.102.2
运行在以下环境
系统	unionos_a	python3	*		Up to (excluding) python3-3.6.8-48.uelc20.1.01 libffi-3.1-23.0.3.uelc20.01