Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2013-7040

Опубликовано: 09 дек. 2013
Источник: redhat
CVSS2: 5

Описание

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Отчет

This issue affects the version of python as shipped with Red Hat Enterprise Linux 5 and 6. There are currently no plans to fix this issue. For more details please refer to https://bugzilla.redhat.com/show_bug.cgi?id=1039915#c4

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Red Hat Enterprise Linux 5pythonWill not fix
Red Hat Enterprise Linux 6pythonWill not fix
Red Hat Enterprise Linux 7pythonWill not fix
Red Hat Software Collectionspython27-pythonWill not fix
Red Hat Software Collectionspython33-pythonWill not fix

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
https://bugzilla.redhat.com/show_bug.cgi?id=1039915python: hash secret can be recovered remotely

5 Medium

CVSS2

Связанные уязвимости

ubuntu логотип

CVE-2013-7040

ubuntu
около 11 лет назад

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

nvd логотип

CVE-2013-7040

nvd
около 11 лет назад

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

debian логотип

CVE-2013-7040

debian
около 11 лет назад

Python 2.7 before 3.4 only uses the last eight bits of the prefix to r ...

github логотип

GHSA-cjvq-9vmj-3482

github
около 3 лет назад

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

5 Medium

CVSS2