What is the severity of CVE-2012-1150?

CVE-2012-1150 has been classified as a moderate severity vulnerability due to its potential to degrade dictionary performance in Python.

How do I fix CVE-2012-1150?

To fix CVE-2012-1150, update to a patched version of Python, specifically versions 2.7.18-8+deb11u1 or later.

What are the affected versions of Python for CVE-2012-1150?

CVE-2012-1150 affects Python versions prior to 2.7.18 and includes multiple earlier versions such as 2.6.7 and 3.1.x.

What type of vulnerability is CVE-2012-1150?

CVE-2012-1150 is a denial-of-service vulnerability due to hash collisions that impact performance.

Can CVE-2012-1150 allow for remote code execution?

No, CVE-2012-1150 does not allow for remote code execution but solely affects the performance of dictionary operations.

Vulnerability/
CVE-2012-1150

medium

CWE

310

1/11/2011

5/10/2012

21/11/2024

CVE-2012-1150

First published: Tue Nov 01 2011(Updated: )

Julian Wälde and Alexander Klink reported a flaw in the hash function used in the implementation of the Python dictionaries (associative arrays). A specially-crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. As various web application frameworks for Python automatically pre-fill certain dictionaries with data from the HTTP request (such as GET or POST parameters) for Python web application, a remote attacker could use this flaw to make Python interpreter use excessive amount of CPU time by sending a POST request with large amount of parameters which hash to the same value. This problem is similar to the issue that was previously reported for and fixed in e.g. perl: <a href="http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf">http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf</a>

Credit: secalert@redhat.com secalert@redhat.com

Affected Software	Affected Version	How to fix
debian/python2.7		2.7.18-8+deb11u1
Python Programming Language	<=2.6.7
Python Programming Language	=0.9.0
Python Programming Language	=0.9.1
Python Programming Language	=1.2
Python Programming Language	=1.3
Python Programming Language	=1.5.2
Python Programming Language	=1.6
Python Programming Language	=1.6.1
Python Programming Language	=2.0
Python Programming Language	=2.0.1
Python Programming Language	=2.1
Python Programming Language	=2.1.1
Python Programming Language	=2.1.2
Python Programming Language	=2.1.3
Python Programming Language	=2.2
Python Programming Language	=2.2.1
Python Programming Language	=2.2.2
Python Programming Language	=2.2.3
Python Programming Language	=2.3.1
Python Programming Language	=2.3.2
Python Programming Language	=2.3.3
Python Programming Language	=2.3.4
Python Programming Language	=2.3.5
Python Programming Language	=2.3.7
Python Programming Language	=2.4.1
Python Programming Language	=2.4.2
Python Programming Language	=2.4.3
Python Programming Language	=2.4.4
Python Programming Language	=2.4.6
Python Programming Language	=2.5.1
Python Programming Language	=2.5.2
Python Programming Language	=2.5.3
Python Programming Language	=2.5.4
Python Programming Language	=2.5.6
Python Programming Language	=2.5.150
Python Programming Language	=2.6.1
Python Programming Language	=2.6.2
Python Programming Language	=2.6.3
Python Programming Language	=2.6.4
Python Programming Language	=2.6.5
Python Programming Language	=2.6.6
Python Programming Language	=2.6.2150
Python Programming Language	=2.6.6150
Python Programming Language	=2.7.1
Python Programming Language	=2.7.1-rc1
Python Programming Language	=2.7.2-rc1
Python Programming Language	=2.7.1150
Python Programming Language	=2.7.2150
Python Programming Language	=3.0
Python Programming Language	=3.0.1
Python Programming Language	=3.1
Python Programming Language	=3.1.1
Python Programming Language	=3.1.2
Python Programming Language	=3.1.3
Python Programming Language	=3.1.4
Python Programming Language	=3.2
Python Programming Language	=3.2-alpha
Python Programming Language	=3.2.2150

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1150?
CVE-2012-1150 has been classified as a moderate severity vulnerability due to its potential to degrade dictionary performance in Python.
How do I fix CVE-2012-1150?
To fix CVE-2012-1150, update to a patched version of Python, specifically versions 2.7.18-8+deb11u1 or later.
What are the affected versions of Python for CVE-2012-1150?
CVE-2012-1150 affects Python versions prior to 2.7.18 and includes multiple earlier versions such as 2.6.7 and 3.1.x.
What type of vulnerability is CVE-2012-1150?
CVE-2012-1150 is a denial-of-service vulnerability due to hash collisions that impact performance.
Can CVE-2012-1150 allow for remote code execution?
No, CVE-2012-1150 does not allow for remote code execution but solely affects the performance of dictionary operations.

agent/type
agent/first-publish-date
collector/launchpad-cve
source/Launchpad
collector/redhat-bugzilla
source/Red Hat
alias/CVE-2012-1150
agent/author
agent/weakness
agent/severity
collector/security-tracker-debian
source/Debian
agent/software-canonical-lookup
collector/usn-cve
source/Ubuntu
agent/references
agent/remedy
agent/softwarecombine
agent/event
agent/description
agent/trending
agent/last-modified-date
agent/source
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
collector/nvd-cve
source/NVD
package-manager/debian
vendor/python
canonical/python programming language
version/python programming language/2.6.7
version/python programming language/0.9.0
version/python programming language/0.9.1
version/python programming language/1.2
version/python programming language/1.3
version/python programming language/1.5.2
version/python programming language/1.6
version/python programming language/1.6.1
version/python programming language/2.0
version/python programming language/2.0.1
version/python programming language/2.1
version/python programming language/2.1.1
version/python programming language/2.1.2
version/python programming language/2.1.3
version/python programming language/2.2
version/python programming language/2.2.1
version/python programming language/2.2.2
version/python programming language/2.2.3
version/python programming language/2.3.1
version/python programming language/2.3.2
version/python programming language/2.3.3
version/python programming language/2.3.4
version/python programming language/2.3.5
version/python programming language/2.3.7
version/python programming language/2.4.1
version/python programming language/2.4.2
version/python programming language/2.4.3
version/python programming language/2.4.4
version/python programming language/2.4.6
version/python programming language/2.5.1
version/python programming language/2.5.2
version/python programming language/2.5.3
version/python programming language/2.5.4
version/python programming language/2.5.6
version/python programming language/2.5.150
version/python programming language/2.6.1
version/python programming language/2.6.2
version/python programming language/2.6.3
version/python programming language/2.6.4
version/python programming language/2.6.5
version/python programming language/2.6.6
version/python programming language/2.6.2150
version/python programming language/2.6.6150
version/python programming language/2.7.1
version/python programming language/2.7.1-rc1
version/python programming language/2.7.2-rc1
version/python programming language/2.7.1150
version/python programming language/2.7.2150
version/python programming language/3.0
version/python programming language/3.0.1
version/python programming language/3.1
version/python programming language/3.1.1
version/python programming language/3.1.2
version/python programming language/3.1.3
version/python programming language/3.1.4
version/python programming language/3.2
version/python programming language/3.2-alpha
version/python programming language/3.2.2150

CVE-2012-1150

Remedy

Remedy

Remedy

Remedy

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2012-1150?

How do I fix CVE-2012-1150?

What are the affected versions of Python for CVE-2012-1150?

What type of vulnerability is CVE-2012-1150?

Can CVE-2012-1150 allow for remote code execution?

Company

Resources

Contact