REDHAT-BUG-750555
First published: Tue Nov 01 2011(Updated: )
Julian Wälde and Alexander Klink reported a flaw in the hash function used in the implementation of the Python dictionaries (associative arrays). A specially-crafted set of keys could trigger hash function collisions, which degrade dictionary performance by changing hash table operations complexity from an expected/average O(1) to the worst case O(n). Reporters were able to find colliding strings efficiently using meet in the middle attack. As various web application frameworks for Python automatically pre-fill certain dictionaries with data from the HTTP request (such as GET or POST parameters) for Python web application, a remote attacker could use this flaw to make Python interpreter use excessive amount of CPU time by sending a POST request with large amount of parameters which hash to the same value. This problem is similar to the issue that was previously reported for and fixed in e.g. perl: <a href="http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf">http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| CPython |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.cs.rice.edu/~scrosby/hash/CrosbyWallach_UsenixSec2003.pdf
- http://events.ccc.de/congress/2011/Fahrplan/events/4680.en.html
- http://seclists.org/fulldisclosure/2011/Dec/477
- http://www.ocert.org/advisories/ocert-2011-003.html
- http://www.nruns.com/_downloads/advisory28122011.pdf
- http://events.ccc.de/congress/2011/Fahrplan/attachments/2007_28C3_Effective_DoS_on_web_application_platforms.pdf
- http://www.youtube.com/28c3#p/u/22/R2Cq3CLI6H8
- http://cryptanalysis.eu/blog/2011/12/28/effective-dos-attacks-against-web-application-plattforms-hashdos/
- http://mail.python.org/pipermail/python-dev/2011-December/115116.html
- http://mail.python.org/pipermail/python-dev/2003-May/035874.html
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=750555#c10
- http://thread.gmane.org/gmane.comp.python.devel/128267
- http://thread.gmane.org/gmane.comp.python.devel/50762
- http://bugs.python.org/issue13703
- http://comments.gmane.org/gmane.comp.python.devel/128617
- http://mail.python.org/pipermail/python-dev/2012-January/115690.html
- http://mail.python.org/pipermail/python-dev/2012-January/115692.html
- http://bugs.python.org/file24151/hash-attack.patch
- http://bugs.python.org/file24286
- http://bugs.python.org/issue13703#msg151707
- http://bugs.python.org/file24288
- http://bugs.python.org/issue13703#msg151714
- http://bugs.python.org/file24289
- http://bugs.python.org/issue13703#msg151735
- http://bugs.python.org/issue13703#msg151796
- http://bugs.python.org/issue13703#msg151847
- http://bugs.python.org/issue13703#msg151939
- http://mail.python.org/pipermail/python-dev/2012-January/115892.html
- http://www.openwall.com/lists/oss-security/2012/03/10/3
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=802209
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=802210
- http://python.org/download/releases/2.6.8/
- http://python.org/download/releases/2.7.3/
- http://python.org/download/releases/3.1.5/
- http://python.org/download/releases/3.2.3/
- http://docs.python.org/release/2.6.8/using/cmdline.html#cmdoption-R
- http://docs.python.org/release/2.6.8/using/cmdline.html#envvar-PYTHONHASHSEED
- http://bugs.python.org/issue14444#msg158172
- http://www.virtualenv.org/en/latest/news.html
- https://rhn.redhat.com/errata/RHSA-2012-0744.html
- https://rhn.redhat.com/errata/RHSA-2012-0745.html
- https://access.redhat.com/security/cve/CVE-2013-7040
- https://bugzilla.redhat.com/show_bug.cgi?id=750555
Frequently Asked Questions
What is the severity of REDHAT-BUG-750555?
The severity of REDHAT-BUG-750555 is considered moderate due to potential performance degradation caused by hash collisions.
How do I fix REDHAT-BUG-750555?
To fix REDHAT-BUG-750555, update to the latest version of Python that addresses the vulnerability.
What are the symptoms of REDHAT-BUG-750555?
Symptoms of REDHAT-BUG-750555 may include significant slowdowns in dictionary operations when using specially-crafted keys.
Who is affected by REDHAT-BUG-750555?
Users of Python software, particularly those utilizing dictionaries in their applications, are affected by REDHAT-BUG-750555.
When was REDHAT-BUG-750555 disclosed?
REDAHT-BUG-750555 was disclosed by Julian Wälde and Alexander Klink, highlighting vulnerabilities related to dictionary hashing in Python.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2012-1150
- agent/severity
- agent/references
- agent/description
- agent/event
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/python software foundation
- canonical/cpython