CVE-2012-1150 Information

Feb 14, 2021 cve

Description

Python before 2.6.8 2.7.x before 2.7.3 3.x before 3.1.5 and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

Reference

http://bugs.python.org/issue13703 http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html http://mail.python.org/pipermail/python-dev/2011-December/115116.html http://mail.python.org/pipermail/python-dev/2012-January/115892.html http://python.org/download/releases/2.6.8/ http://python.org/download/releases/2.7.3/ http://python.org/download/releases/3.1.5/ http://python.org/download/releases/3.2.3/ http://secunia.com/advisories/50858 http://secunia.com/advisories/51087 http://secunia.com/advisories/51089 http://www.openwall.com/lists/oss-security/2012/03/10/3 http://www.ubuntu.com/usn/USN-1592-1 http://www.ubuntu.com/usn/USN-1596-1 http://www.ubuntu.com/usn/USN-1615-1 http://www.ubuntu.com/usn/USN-1616-1 https://bugzilla.redhat.com/show_bug.cgi?id=750555

Share on: