CVE-2012-1150

Name of the Vulnerable Software and Affected Versions Python versions prior to 2.6.8 Python versions 2.7.x prior to 2.7.3 Python versions 3.x prior to 3.1.5 Python versions 3.2.x prior to 3.2.3

Description The issue allows context-dependent attackers to cause a denial of service, specifically high CPU consumption, via crafted input to an application that maintains a hash table. This is due to the computation of hash values without restricting the ability to trigger hash collisions predictably. An error within a hash generation function when hashing form posts and updating a hash table can be exploited to cause a hash collision. This can be achieved by sending a specially crafted form in an HTTP POST request.

Recommendations For versions prior to 2.6.8, update to version 2.6.8 or later. For versions 2.7.x prior to 2.7.3, update to version 2.7.3 or later. For versions 3.x prior to 3.1.5, update to version 3.1.5 or later. For versions 3.2.x prior to 3.2.3, update to version 3.2.3 or later.