CVE-2013-7040

EUVD-2013-6840

19.05.2014, 14:55

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Provider	Type	Base Score	Atk. Vector	Atk. Complexity	Priv. Required	Vector
NIST	Primary	4.3 UNKNOWN	NETWORK	MEDIUM		AV:N/AC:M/Au:N/C:N/I:N/A:P

Base Score

CVSS 3.x

EPSS Score

Percentile: 72%

Affected Products (NVD)

Vendor	Product	Version
apple	mac_os_x	𝑥 ≤ 10.10.4
python	python	2.7.1
python	python	2.7.1:rc1
python	python	2.7.2:rc1
python	python	2.7.3
python	python	2.7.4
python	python	2.7.5
python	python	2.7.6
python	python	2.7.7
python	python	2.7.1150
python	python	2.7.2150
python	python	3.0
python	python	3.0.1
python	python	3.1
python	python	3.1.1
python	python	3.1.2
python	python	3.1.3
python	python	3.1.4
python	python	3.1.5
python	python	3.2
python	python	3.2:alpha
python	python	3.2.0
python	python	3.2.1
python	python	3.2.2
python	python	3.2.3
python	python	3.2.4
python	python	3.2.5
python	python	3.2.2150
python	python	3.3
python	python	3.3:beta2
python	python	3.3.0
python	python	3.3.1
python	python	3.3.1:rc1
python	python	3.3.2
python	python	3.3.3
python	python	3.3.3:rc1
python	python	3.3.3:rc2
python	python	3.3.4
python	python	3.3.4:rc1
python	python	3.3.5
python	python	3.3.5:rc1
python	python	3.3.5:rc2