CVE-2013-7040 — Python vulnerability

11 documents7 sources

Severity

4.3MEDIUMNVD

OSV5.0

EPSS

0.7%

top 27.41%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Apple MAC OS X Apple OS X Yosemite V10.10.5 AND Security Update 2015-006 Python +1 more

Timeline

PublishedMay 19

Latest updateMay 13

Description

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

CVSS vector

AV:N/AC:M/C:N/I:N/A:PExploitability: 8.6 | Impact: 2.9

Affected Packages4 packages

▶NVDpython/python32 versions+31

▶debiandebian/python2.7

▶NVDapple/mac_os_x10.10.4

▶Appleapple/os_x_yosemite_v10.10.5_and_security_update_2015-006

🔴Vulnerability Details

GHSA

GHSA-cjvq-9vmj-3482: Python 2↗2022-05-13

▶

OSV

CVE-2013-7040: Python 2↗2014-05-19

▶

📋Vendor Advisories

Red Hat

python: hash secret can be recovered remotely↗2013-12-09

▶

Debian

CVE-2013-7040: python2.7 - Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize h...↗2013

▶

Apple

CVE-2013-7040: OS X Yosemite v10.10.5 and Security Update 2015-006↗

▶

💬Community

Bugzilla

CVE-2013-7040 python26: python: hash secret can be recovered remotely [epel-5]↗2013-12-10

▶

Bugzilla

CVE-2013-7040 python3: python: hash secret can be recovered remotely [fedora-all]↗2013-12-10

▶

Bugzilla

CVE-2013-7040 python: hash secret can be recovered remotely↗2013-12-10

▶

Bugzilla

CVE-2013-7040 python: hash secret can be recovered remotely [fedora-all]↗2013-12-10

▶

Bugzilla

CVE-2012-1150 python: hash table collisions CPU usage DoS (oCERT-2011-003)↗2011-11-01

▶