CVE-2012-1150

medium

Description

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

References

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

https://bugzilla.redhat.com/show_bug.cgi?id=750555

http://secunia.com/advisories/50858

http://secunia.com/advisories/51087

http://secunia.com/advisories/51089

http://www.openwall.com/lists/oss-security/2012/03/10/3

http://www.ubuntu.com/usn/USN-1592-1

http://www.ubuntu.com/usn/USN-1596-1

http://www.ubuntu.com/usn/USN-1615-1

http://www.ubuntu.com/usn/USN-1616-1

Details

Source: Mitre, NVD

Published: 2012-10-05

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium