Metric | Value |
---|---|
CVSS2 score | 5 Medium |
Access Vector | NETWORK |
Access Complexity | LOW |
Authentication | NONE |
Confidentiality Impact | NONE |
Integrity Impact | NONE |
Availability Impact | PARTIAL |
CVSS2 vector | AV:N/AC:L/Au:N/C:N/I:N/A:P |
EPSS | 0.007 Low |
EPSS Percentile | 80.3% |

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before
3.2.3 computes hash values without restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to cause a
denial of service (CPU consumption) via crafted input to an application
that maintains a hash table.
Author | Note |
---|---|
jdstrand | Patch does not change the default, so the risk of backporting to python2.5 and python2.4 outweighs the benefit of adding the patch. Ubuntu 8.04 LTS users who require this patch should upgrade to Ubuntu 10.04 LTS or another supported release. The patch for 3.2 on oneiric is somewhere between the upstream 3.1 and 3.2 patches. Specifically, need the Modules/_datetimemodule.c changes. |
OS | OS Version | Architecture | Package | Package Version | Filename |
---|---|---|---|---|---|
ubuntu | 10.04 | noarch | python2.6 | < 2.6.5-1ubuntu6.1 | UNKNOWN |
ubuntu | 11.04 | noarch | python2.6 | < 2.6.6-6ubuntu7.1 | UNKNOWN |
ubuntu | 11.10 | noarch | python2.6 | < 2.6.7-4ubuntu1.1 | UNKNOWN |
ubuntu | 11.04 | noarch | python2.7 | < 2.7.1-5ubuntu2.2 | UNKNOWN |
ubuntu | 11.10 | noarch | python2.7 | < 2.7.2-5ubuntu1.1 | UNKNOWN |
ubuntu | 10.04 | noarch | python3.1 | < 3.1.2-0ubuntu3.2 | UNKNOWN |
ubuntu | 11.04 | noarch | python3.1 | < 3.1.3-1ubuntu1.2 | UNKNOWN |
ubuntu | 11.04 | noarch | python3.2 | < 3.2-1ubuntu1.2 | UNKNOWN |
ubuntu | 11.10 | noarch | python3.2 | < 3.2.2-0ubuntu1.1 | UNKNOWN |
launchpad.net/bugs/cve/CVE-2012-1150
nvd.nist.gov/vuln/detail/CVE-2012-1150
security-tracker.debian.org/tracker/CVE-2012-1150
ubuntu.com/security/notices/USN-1592-1
ubuntu.com/security/notices/USN-1596-1
ubuntu.com/security/notices/USN-1615-1
ubuntu.com/security/notices/USN-1616-1
www.cve.org/CVERecord?id=CVE-2012-1150