CVE-2012-1150 (retired)

Priority
Description
Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before
3.2.3 computes hash values without restricting the ability to trigger hash
collisions predictably, which allows context-dependent attackers to cause a
denial of service (CPU consumption) via crafted input to an application
that maintains a hash table.
Notes
 jdstrand> patch does not change the default, so the risk of backporting to
  python2.5 and python2.4 outweighs the benefit of adding the patch. Ubuntu
  8.04 LTS users who require this patch should upgrade to Ubuntu 10.04 LTS or
  another supported release.
 jdstrand> the patch for 3.2 on oneiric is somewhere between the upstream 3.1
  and 3.2 patches. Specifically, need the Modules/_datetimemodule.c changes
Assigned-to
jdstrand
Package
Upstream:needs-triage
Package
Upstream:needs-triage
Package
Upstream:released (2.6.8)
Patches:
Upstream:http://hg.python.org/cpython/rev/6b7704fe1be1
Package
Upstream:released (2.7.3~rc1-1)
Patches:
Upstream:http://hg.python.org/cpython/rev/a0f43f4481e0
Package
Upstream:released (3.2.3~rc1-1)
Patches:
Upstream:http://hg.python.org/cpython/rev/ed76dc34b39d

Updated: 2019-03-26 12:01:08 UTC (commit ccdecfcf0fead22bd291e5f4ea745a46872dcb15)