CVE-2012-1150

high

Description

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

References

https://bugzilla.redhat.com/show_bug.cgi?id=750555

http://www.ubuntu.com/usn/USN-1616-1

http://www.ubuntu.com/usn/USN-1615-1

http://www.ubuntu.com/usn/USN-1596-1

http://www.ubuntu.com/usn/USN-1592-1

http://www.openwall.com/lists/oss-security/2012/03/10/3

http://secunia.com/advisories/51089

http://secunia.com/advisories/51087

http://secunia.com/advisories/50858

http://python.org/download/releases/3.2.3/

http://python.org/download/releases/3.1.5/

http://python.org/download/releases/2.7.3/

http://python.org/download/releases/2.6.8/

http://mail.python.org/pipermail/python-dev/2012-January/115892.html

http://mail.python.org/pipermail/python-dev/2011-December/115116.html

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html

http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html

Details

Source: Mitre, NVD

Published: 2012-10-05

Updated: 2025-04-11

Risk Information

CVSS v2

Base Score: 5

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.5

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Severity: High

EPSS

EPSS: 0.01489