Bug 755383 - VUL-0: python: hash collision DoS
Status: RESOLVED FIXED
Classification: openSUSE
Product: openSUSE 12.1
Component: Other
Version: Final
Hardware: Other Other
Priority: P2 - High
Severity: Normal
Assigned To: Security Team bot
CVSSv3.1:SUSE:CVE-2012-1150:5.3:(AV:N...
Depends on: CVE-2012-1150
Reported: 2012-04-03 07:35 UTC by Michal Vyskocil
Modified: 2020-06-22 08:37 UTC
Found By: Other
Description Michal Vyskocil 2012-04-03 07:35:13 UTC
+++ This bug was initially created as a clone of Bug #751718 +++

Your friendly security team received the following report via oss-security.
Please respond ASAP.
The issue is public.

CVE-2012-1150

Python dictionaries are prone to hash table collision attacks. Web services for example might store parameters of a GET or POST request in a dictionary. An attacker may use this to cause high CPU load.

http://bugs.python.org/issue13703
http://seclists.org/fulldisclosure/2011/Dec/477
http://www.ocert.org/advisories/ocert-2011-003.html
https://bugzilla.redhat.com/show_bug.cgi?id=750555

---------------------------

This one is for python3 for openSUSE 12.1 only.

Comment 1 Jan Matejek 2012-04-06 17:28:50 UTC
python3 is fixed in SR #112896

reassigning to security

Comment 2 Ludwig Nussel 2012-06-06 08:12:07 UTC
already released