CVE-2013-7040

2014-05-1914:55:00

CWE-310

[email protected]

web.nvd.nist.gov

311

cve

2013

7040

python

2.7

3.4

hash collisions

denial of service

nvd

8.3 High

AI Score

Confidence

High

4.3 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:M/Au:N/C:N/I:N/A:P

0.003 Low

EPSS

Percentile

67.6%

JSON

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

CPENameOperatorVersion
apple:mac_os_xapple mac os xle10.10.4
python:pythonpythoneq2.7.6
python:pythonpythoneq3.3.5
python:pythonpythoneq3.1
python:pythonpythoneq3.3.3
python:pythonpythoneq3.1.1
python:pythonpythoneq3.3.2
python:pythonpythoneq3.0
python:pythonpythoneq3.3.1
python:pythonpythoneq3.0.1

CPE	Name	Operator	Version
apple:mac_os_x	apple mac os x	le	10.10.4
python:python	python	eq	2.7.6
python:python	python	eq	3.3.5
python:python	python	eq	3.1
python:python	python	eq	3.3.3
python:python	python	eq	3.1.1
python:python	python	eq	3.3.2
python:python	python	eq	3.0
python:python	python	eq	3.3.1
python:python	python	eq	3.0.1