GCVE - cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:python:python:3.11.0:beta5:*:*:*:*:*:*

part: a version: 3.11.0 update: beta5

Vendor	Python (`b57ad93a-6195-5192-9423-6cfad6044a8b`)
Product	Python (`fc328eef-0a85-5ddb-b629-b8866ec518c8`)
Edition	*
Language	*
Software edition	*
Target software	*
Target hardware	*
Other	*
Notes	Imported from NVD CPE 2.0 feed

PURL mappings

PURL	Source	Last updated
`pkg:deb/debian/python`	purl2cpe	2026-06-01 10:16:29.242929
`pkg:github/python/cpython`	purl2cpe	2026-06-01 10:16:29.242931
`pkg:python/python`	purl2cpe	2026-06-01 10:16:29.242932
`pkg:rpm/opensuse/python`	purl2cpe	2026-06-01 10:16:29.242934

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2022-45061`	vulnerable	2026-06-03 14:48:23.642946	Details available An issue was discovered in Python before 3.11.1. An unnecessary quadratic algorithm exists in one path when processing some inputs to the IDNA (RFC 3490) decoder, such that a crafted, unreasonably long name being presented to the decoder could lead to a CPU denial of service. Hostnames are often supplied by remote servers that could be controlled by a malicious actor; in such a scenario, they could trigger excessive CPU consumption on the client attempting to make use of an attacker-supplied supposed hostname. For example, the attack payload could be placed in the Location header of an HTTP response with status code 302. A fix is planned in 3.11.1, 3.10.9, 3.9.16, 3.8.16, and 3.7.16. Published: 2022-11-09T00:00:00.000Z Updated: 2025-11-03T21:46:44.155Z Open on db.gcve.eu Reference links https://github.com/python/cpython/issues/98433 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/O67LRHDTJWH544KXB6KY4HMHQLYDXFPK/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4WBZJNSALFGMPYTINIF57HAAK46U72WQ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/GTPVDZDATRQFE6KAT6B4BQIQ4GRHIIIJ/ https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/RTN2OOLKYTG34DODUEJGT5MLC2PFGPBA/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2020-10735`	vulnerable	2026-06-03 14:41:00.472260	Details available A flaw was found in python. In algorithms with quadratic time complexity using non-binary bases, when using int("text"), a system could take 50ms to parse an int string with 100,000 digits and 5s for 1,000,000 digits (float, decimal, int.from_bytes(), and int() for binary bases 2, 4, 8, 16, and 32 are not affected). The highest threat from this vulnerability is to system availability. Published: 2022-09-09T00:00:00.000Z Updated: 2025-11-03T21:44:16.139Z Open on db.gcve.eu Reference links https://access.redhat.com/security/cve/CVE-2020-10735 https://github.com/python/cpython/issues/95778 https://docs.google.com/document/d/1KjuF_aXlzPUxTK4BMgezGJ2Pn7uevfX7g0_mvgHlL7Y https://bugzilla.redhat.com/show_bug.cgi?id=1834423 https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/4EWKR2SPX3JORLWCXFY3KN2U5B5CIUQQ/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.