Cryptographic Issues

Affecting python2.7 package, versions *

Report new vulnerabilities
Do your applications use this vulnerable package? Test your applications

Overview

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

References

CVSS Score

4.3
low severity
  • Attack Vector
    Network
  • Attack Complexity
    Low
  • Privileges Required
    None
  • User Interaction
    Required
  • Scope
    Unchanged
  • Confidentiality
    None
  • Integrity
    None
  • Availability
    Low
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:L
CVE
CVE-2013-7040
CWE
CWE-310
Snyk ID
SNYK-DEBIAN10-PYTHON27-306560
Disclosed
19 May, 2014
Published
19 May, 2014