CVE-2012-1150
Python < 2.6.8, 2.7.x < 2.7.3, 3.x < 3.1.5, 3.2.x < 3.2.3 - Denial of Service via Hash Collision
Title source: llmDescription
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.
References (18)
Core 18
Core References
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1615-1
Patch, Vendor Advisory x_refsource_confirm
http://python.org/download/releases/3.2.3/
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51087
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1592-1
Exploit x_refsource_confirm
http://bugs.python.org/issue13703
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1616-1
Various Sources mailing-list
x_refsource_mlist
http://mail.python.org/pipermail/python-dev/2011-December/115116.html
Mailing List vendor-advisory
x_refsource_apple
http://lists.apple.com/archives/security-announce/2013/Oct/msg00004.html
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/50858
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/51089
Various Sources mailing-list
x_refsource_mlist
http://mail.python.org/pipermail/python-dev/2012-January/115892.html
Issue Tracking x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=750555
Patch, Vendor Advisory x_refsource_confirm
http://python.org/download/releases/2.6.8/
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2012/03/10/3
Vendor Advisory vendor-advisory
x_refsource_ubuntu
http://www.ubuntu.com/usn/USN-1596-1
Patch, Vendor Advisory x_refsource_confirm
http://python.org/download/releases/3.1.5/
Patch, Vendor Advisory x_refsource_confirm
http://python.org/download/releases/2.7.3/
Mailing List vendor-advisory
x_refsource_suse
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00040.html
Scores
EPSS
0.0174
EPSS Percentile
82.8%
Details
CWE
CWE-310
Status
published
Products (49)
python/python
0.9.0
python/python
0.9.1
python/python
1.2
python/python
1.3
python/python
1.5.2
python/python
1.6
python/python
1.6.1
python/python
2.0
python/python
2.0.1
python/python
2.1
... and 39 more
Published
Oct 05, 2012
Tracked Since
Feb 18, 2026