BeyondTrust

Welcome to the Zeroday Tracker: Your Vulnerability Watchlist

Python Hash Collision Denial of Service Vulnerability

Disclosed April 19, 2012    Fully Patched

Vulnerability Description:

A denial of service condition exists when hashing form posts, which can cause a hash collision that results in high CPU consumption. This can be accomplished via a malicious HTTP POST request.

Vendors:

Python

Vulnerable Software/Devices:

Python 2.7
Python 3.3

Vulnerability Severity:

Medium

Exploit Availability:

Publicly Available

Exploit Impact:

Denial of Service
Exploitation of this vulnerability will render the service on the affected system unresponsive for a limited time. Attackers can keep sending malicious payloads to sustain the denial of service condition indefinitely.

BeyondTrust Prevention and Detection:

BeyondTrust's Retina® Network Security Scanner scans devices to detect this vulnerability.

  • 31951 - Python Hash Collision Denial of Service Vulnerability (20131218) - Windows
  • 31952 - Python Hash Collision Denial of Service Vulnerability (20131218) - UNIX/Linux

Mitigation:

No mitigation exists.

Links:

CVE(s):