CVE-2013-7040

macOS X < 10.10.4 - Denial of Service via Predictable Hash Collisions

Title source: llm

Description

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

References (6)

- Third Party Advisory, VDB Entry (vdb-entry, x_refsource_bid): http://www.securityfocus.com/bid/64194
- Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/12/09/13
- Mailing List (mailing-list, x_refsource_mlist): http://www.openwall.com/lists/oss-security/2013/12/09/3
- Mailing List (vendor-advisory, x_refsource_apple): http://lists.apple.com/archives/security-announce/2015/Aug/msg00001.html
- Various Sources (x_refsource_confirm): http://bugs.python.org/issue14621
- Vendor Advisory (x_refsource_confirm): https://support.apple.com/kb/HT205031

Scores

EPSS: 0.0041
EPSS Percentile: 61.7%

Details

CWE: CWE-310
Status: published
Products (33)
apple/mac_os_x < 10.10.4
python/python 2.7.1 (2 CPE variants)
python/python 2.7.2 rc1
python/python 2.7.3
python/python 2.7.4
python/python 2.7.5
python/python 2.7.6
python/python 2.7.7
python/python 2.7.1150
python/python 2.7.2150
... and 23 more
Published: May 19, 2014
Tracked Since: Feb 18, 2026