VDB
CVE-2013-7040
CVE-2013-7040
PUBLISHED
Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.
EPSS 0.41% · 61.9th percentile
Risk Scores
EPSS Score
0.41%
61.9th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| GCP | compute | |
| Oracle Cloud | compute | |
| Ubuntu:Pro:14.04:LTS | python2.7 | 2.7.5-8ubuntu3, 2.7.5-8ubuntu4, 2.7.6-2 |
Timeline
- May 19, 2014 CVE Published
- Feb 4, 2022 EPSS Score
- Mar 29, 2022 EPSS Score
- May 20, 2022 EPSS Score
- Jul 12, 2022 EPSS Score
- Sep 3, 2022 EPSS Score
- Dec 18, 2022 EPSS Score
- Feb 8, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 2, 2023 EPSS Score
- May 25, 2023 EPSS Score
- Jul 16, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2013-7040 third-party-advisory
- http://www.openwall.com/lists/oss-security/2013/12/09 third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2013-7040 third-party-advisory