What is the severity of CVE-2013-7040?

CVE-2013-7040 has a medium severity level due to the potential for denial of service attacks through predictable hash collisions.

How do I fix CVE-2013-7040?

To fix CVE-2013-7040, upgrade to Python versions 2.7.8 or later, which contain the necessary patches.

What versions of Python are affected by CVE-2013-7040?

CVE-2013-7040 affects Python versions 2.7.1 through 2.7.7, as well as some earlier versions of Python 3.

How can CVE-2013-7040 be exploited?

CVE-2013-7040 can be exploited by attackers to cause a denial of service through the generation of hash collisions.

Is CVE-2013-7040 relevant for macOS users?

Yes, macOS versions up to 10.10.4 are also impacted by CVE-2013-7040 if they utilize the affected Python versions.

Vulnerability/
CVE-2013-7040

medium

4.3

CWE

310

19/5/2014

6/8/2024

CVE-2013-7040

First published: Mon May 19 2014(Updated: )

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Credit: cve@mitre.org

Affected Software	Affected Version	How to fix
macOS Yosemite	<=10.10.4
Python Programming Language	=2.7.1
Python Programming Language	=2.7.1-rc1
Python Programming Language	=2.7.2-rc1
Python Programming Language	=2.7.3
Python Programming Language	=2.7.4
Python Programming Language	=2.7.5
Python Programming Language	=2.7.6
Python Programming Language	=2.7.7
Python Programming Language	=2.7.1150
Python Programming Language	=2.7.2150
Python Programming Language	=3.0
Python Programming Language	=3.0.1
Python Programming Language	=3.1
Python Programming Language	=3.1.1
Python Programming Language	=3.1.2
Python Programming Language	=3.1.3
Python Programming Language	=3.1.4
Python Programming Language	=3.1.5
Python Programming Language	=3.2
Python Programming Language	=3.2-alpha
Python Programming Language	=3.2.0
Python Programming Language	=3.2.1
Python Programming Language	=3.2.2
Python Programming Language	=3.2.3
Python Programming Language	=3.2.4
Python Programming Language	=3.2.5
Python Programming Language	=3.2.2150
Python Programming Language	=3.3
Python Programming Language	=3.3-beta2
Python Programming Language	=3.3.0
Python Programming Language	=3.3.1
Python Programming Language	=3.3.1-rc1
Python Programming Language	=3.3.2
Python Programming Language	=3.3.3
Python Programming Language	=3.3.3-rc1
Python Programming Language	=3.3.3-rc2
Python Programming Language	=3.3.4
Python Programming Language	=3.3.4-rc1
Python Programming Language	=3.3.5
Python Programming Language	=3.3.5-rc1
Python Programming Language	=3.3.5-rc2

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7040?
CVE-2013-7040 has a medium severity level due to the potential for denial of service attacks through predictable hash collisions.
How do I fix CVE-2013-7040?
To fix CVE-2013-7040, upgrade to Python versions 2.7.8 or later, which contain the necessary patches.
What versions of Python are affected by CVE-2013-7040?
CVE-2013-7040 affects Python versions 2.7.1 through 2.7.7, as well as some earlier versions of Python 3.
How can CVE-2013-7040 be exploited?
CVE-2013-7040 can be exploited by attackers to cause a denial of service through the generation of hash collisions.
Is CVE-2013-7040 relevant for macOS users?
Yes, macOS versions up to 10.10.4 are also impacted by CVE-2013-7040 if they utilize the affected Python versions.

agent/references
agent/type
collector/mitre-cve
source/MITRE
agent/weakness
agent/severity
agent/last-modified-date
agent/author
agent/description
agent/first-publish-date
agent/event
agent/source
agent/softwarecombine
agent/tags
collector/nvd-index
agent/software-canonical-lookup-request
vendor/apple
canonical/macos yosemite
version/macos yosemite/10.10.4
vendor/python
canonical/python programming language
version/python programming language/2.7.1
version/python programming language/2.7.1-rc1
version/python programming language/2.7.2-rc1
version/python programming language/2.7.3
version/python programming language/2.7.4
version/python programming language/2.7.5
version/python programming language/2.7.6
version/python programming language/2.7.7
version/python programming language/2.7.1150
version/python programming language/2.7.2150
version/python programming language/3.0
version/python programming language/3.0.1
version/python programming language/3.1
version/python programming language/3.1.1
version/python programming language/3.1.2
version/python programming language/3.1.3
version/python programming language/3.1.4
version/python programming language/3.1.5
version/python programming language/3.2
version/python programming language/3.2-alpha
version/python programming language/3.2.0
version/python programming language/3.2.1
version/python programming language/3.2.2
version/python programming language/3.2.3
version/python programming language/3.2.4
version/python programming language/3.2.5
version/python programming language/3.2.2150
version/python programming language/3.3
version/python programming language/3.3-beta2
version/python programming language/3.3.0
version/python programming language/3.3.1
version/python programming language/3.3.1-rc1
version/python programming language/3.3.2
version/python programming language/3.3.3
version/python programming language/3.3.3-rc1
version/python programming language/3.3.3-rc2
version/python programming language/3.3.4
version/python programming language/3.3.4-rc1
version/python programming language/3.3.5
version/python programming language/3.3.5-rc1
version/python programming language/3.3.5-rc2

CVE-2013-7040

Never miss a vulnerability like this again

Reference Links

Frequently Asked Questions

What is the severity of CVE-2013-7040?

How do I fix CVE-2013-7040?

What versions of Python are affected by CVE-2013-7040?

How can CVE-2013-7040 be exploited?

Is CVE-2013-7040 relevant for macOS users?

Company

Resources

Contact

Frequently Asked Questions

What is the severity of CVE-2013-7040?

How do I fix CVE-2013-7040?

What versions of Python are affected by CVE-2013-7040?

How can CVE-2013-7040 be exploited?

Is CVE-2013-7040 relevant for macOS users?