CVE Vulnerabilities

CVE-2013-7040

Published: May 19, 2014 | Modified: Oct 25, 2019
CVSS 3.x: N/A
Source: NVD
CVSS 2.x: 4.3 MEDIUM (AV:N/AC:M/Au:N/C:N/I:N/A:P)
RedHat/V2: 5 MODERATE (AV:N/AC:L/Au:N/C:N/I:N/A:P)
RedHat/V3:
Ubuntu: LOW

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Affected Software

Name       Vendor  Start Version            End Version
Mac_os_x   Apple   *                        10.10.4 (including)
Python2.6  Ubuntu  lucid                    *
Python2.7  Ubuntu  devel                    *
Python2.7  Ubuntu  esm-infra-legacy/trusty  *
Python2.7  Ubuntu  precise                  *
Python2.7  Ubuntu  quantal                  *
Python2.7  Ubuntu  raring                   *
Python2.7  Ubuntu  saucy                    *
Python2.7  Ubuntu  trusty                   *
Python2.7  Ubuntu  trusty/esm               *
Python3.1  Ubuntu  lucid                    *
Python3.2  Ubuntu  precise                  *
Python3.2  Ubuntu  quantal                  *
Python3.3  Ubuntu  quantal                  *
Python3.3  Ubuntu  raring                   *
Python3.3  Ubuntu  saucy                    *
