cve/2012/CVE-2012-1150.md

CVE-2012-1150

Description

Python before 2.6.8, 2.7.x before 2.7.3, 3.x before 3.1.5, and 3.2.x before 3.2.3 computes hash values without restricting the ability to trigger hash collisions predictably, which allows context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.

POC

Reference

• http://bugs.python.org/issue13703
• http://www.ubuntu.com/usn/USN-1616-1

Github

• https://github.com/menkhus/falco
• https://github.com/victims/victims-cve-db