1Converting between :class:`int` and :class:`str` in bases other than 2 2(binary), 4, 8 (octal), 16 (hexadecimal), or 32 such as base 10 (decimal) now 3raises a :exc:`ValueError` if the number of digits in string form is above a 4limit to avoid potential denial of service attacks due to the algorithmic 5complexity. This is a mitigation for `CVE-2020-10735 6<https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-10735>`_. 7 8This new limit can be configured or disabled by environment variable, command 9line flag, or :mod:`sys` APIs. See the :ref:`integer string conversion length 10limitation <int_max_str_digits>` documentation. The default limit is 4300 11digits in string form. 12 13Patch by Gregory P. Smith [Google] and Christian Heimes [Red Hat] with feedback 14from Victor Stinner, Thomas Wouters, Steve Dower, and Ned Deily. 15