CVE-2013-7040

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2013-7040
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

4.3 /10

CVSS v2.0 : MEDIUM

V2 Legend

Vector : AV:N/AC:M/Au:N/C:N/I:N/A:P

Exploitability : 8.6 / Impact : 2.9

Access Vector NETWORK

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact PARTIAL

References
Link Resource
http://bugs.python.org/issue14621
http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
http://www.openwall.com/lists/oss-security/2013/12/09/13
http://www.openwall.com/lists/oss-security/2013/12/09/3
http://www.securityfocus.com/bid/64194
https://support.apple.com/kb/HT205031 Vendor Advisory
Configurations

Configuration 1 (hide)

cpe:2.3:o:apple:mac_os_x:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR cpe:2.3:a:python:python:2.7.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.1:rc1:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.2:rc1:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.3:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.4:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.5:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.6:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.7:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.1150:*:*:*:*:*:*:*
cpe:2.3:a:python:python:2.7.2150:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.0.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.1.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.1.2:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.1.3:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.1.4:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.1.5:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2:alpha:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.2:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.3:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.4:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.5:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.2.2150:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3:beta2:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.0:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.1:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.1:rc1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.2:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.3:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.3:rc1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.3:rc2:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.4:*:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.4:rc1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.5:-:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.5:rc1:*:*:*:*:*:*
cpe:2.3:a:python:python:3.3.5:rc2:*:*:*:*:*:*
History

No history.

Information

Published : 2014-05-19 14:55

Updated : 2023-12-10 11:31

NVD link : CVE-2013-7040

Mitre link : CVE-2013-7040

CVE.ORG link : CVE-2013-7040

JSON object : View

Products Affected

python

  • python

apple

  • mac_os_x
CWE
CWE-310

Cryptographic Issues