PSF-2014-2

Import Source
https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2014-2.json
JSON Data
https://api.osv.dev/v1/vulns/PSF-2014-2
Aliases
Published
2014-05-19T14:00:00Z
Modified
2025-10-09T00:57:34.514276Z
Summary
Hash function not randomized properly
Details

Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table. NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.

Database specific
{
    "cwe_ids": []
}
References

Affected packages

Git / github.com/python/cpython

Affected ranges

Type
GIT
Repo
https://github.com/python/cpython
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.5
v0.*
v0.9.8
v0.9.9
v1.*
v1.0.1
v1.0.2
v1.1
v1.1.1
v1.2
v1.2b1
v1.2b2
v1.2b3
v1.2b4
v1.3
v1.3b1
v1.4
v1.4b1
v1.4b2
v1.4b3
v1.5
v1.5.1
v1.5.2
v1.5.2a1
v1.5.2a2
v1.5.2b1
v1.5.2b2
v1.5.2c1
v1.5a1
v1.5a2
v1.5a3
v1.5a4
v1.5b1
v1.5b2
v1.6a1
v1.6a2
v2.*
v2.0
v2.0b1
v2.0b2
v2.0c1
v2.1
v2.1a1
v2.1a2
v2.1b1
v2.1b2
v2.1c1
v2.1c2
v2.2a3
v2.3c1
v2.3c2
v2.4
v2.4a1
v2.4a2
v2.4a3
v2.4b1
v2.4b2
v2.4c1
v2.5
v2.5.1
v2.5.1c1
v2.5.2
v2.5.2c1
v2.5.3
v2.5.3c1
v2.5.4
v2.5.5
v2.5.5c1
v2.5.5c2
v2.5.6
v2.5.6c1
v2.5a0
v2.5a1
v2.5a2
v2.5b1
v2.5b2
v2.5b3
v2.5c1
v2.5c2
v2.6
v2.6.1
v2.6.2
v2.6.2c1
v2.6.3
v2.6.3rc1
v2.6.4
v2.6.4rc1
v2.6.4rc2
v2.6.5
v2.6.5rc1
v2.6.5rc2
v2.6.6
v2.6.6rc1
v2.6.6rc2
v2.6.7
v2.6.8
v2.6.8rc1
v2.6.8rc2
v2.6a1
v2.6a2
v2.6a3
v2.6b1
v2.6b2
v2.6b3
v2.6rc1
v2.6rc2
v2.7
v2.7.1
v2.7.1rc1
v2.7.2
v2.7.2rc1
v2.7.3
v2.7.3rc1
v2.7.3rc2
v2.7.4rc1
v2.7a1
v2.7a2
v2.7a3
v2.7a4
v2.7b1
v2.7b2
v2.7rc1
v2.7rc2
v3.*
v3.0a1
v3.0a2
v3.0a3
v3.0a4
v3.0a5
v3.0b1
v3.0b2
v3.0b3
v3.0rc1
v3.0rc2
v3.0rc3
v3.1
v3.1.1
v3.1.1rc1
v3.1.2
v3.1.2rc1
v3.1.3
v3.1.3rc1
v3.1.4
v3.1.4rc1
v3.1.5
v3.1.5rc1
v3.1.5rc2
v3.1a1
v3.1a2
v3.1b1
v3.1rc1
v3.1rc2
v3.2
v3.2.1
v3.2.1b1
v3.2.1rc1
v3.2.1rc2
v3.2.2
v3.2.2rc1
v3.2.3
v3.2.3rc1
v3.2.3rc2
v3.2.4
v3.2.4rc1
v3.2.5
v3.2a1
v3.2a2
v3.2a3
v3.2a4
v3.2b1
v3.2b2
v3.2rc1
v3.2rc2
v3.2rc3
v3.3.0
v3.3.0a1
v3.3.0a2
v3.3.0a3
v3.3.0a4
v3.3.0b1
v3.3.0b2
v3.3.0rc1
v3.3.0rc2
v3.3.0rc3
v3.3.1
v3.3.1rc1
v3.3.2
v3.3.3
v3.3.3rc1
v3.3.3rc2
v3.4.0a1
v3.4.0a2
v3.4.0a3
v3.4.0a4

Database specific

vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-0db04214",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Python/random.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-115e7969",
        "digest": {
            "length": 948.0,
            "function_hash": "314698367302638265744116069332268804936"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Python/random.c",
            "function": "_PyRandom_Init"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-4c061963",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Include/pyport.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-4d74896a",
        "digest": {
            "length": 1381.0,
            "function_hash": "102228086997805639491055836900863018483"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Python/pythonrun.c",
            "function": "Py_Finalize"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-63563405",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Objects/object.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-905b5560",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Objects/bytesobject.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-a0cc80fc",
        "digest": {
            "length": 500.0,
            "function_hash": "127572937484478808045782870395988986215"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Python/sysmodule.c",
            "function": "get_hash_info"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-ac446d08",
        "digest": {
            "length": 1050.0,
            "function_hash": "117602114031601022581298635867197787454"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Objects/unicodeobject.c",
            "function": "unicode_hash"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-b7809532",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Objects/unicodeobject.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-bd75edac",
        "digest": {
            "length": 200.0,
            "function_hash": "16413300626615082006785263069868757301"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Objects/bytesobject.c",
            "function": "bytes_hash"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-c0eb4144",
        "digest": {
            "length": 476.0,
            "function_hash": "336968888579366616947999061270735985939"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Python/random.c",
            "function": "dev_urandom_noraise"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-c9c34782",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Include/Python.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-d3699b97",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Python/sysmodule.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-d823f212",
        "digest": {
            "length": 902.0,
            "function_hash": "109245066789198919645457330610361248713"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Objects/memoryobject.c",
            "function": "memory_hash"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-ddc1233a",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Include/object.h"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-dfd842c3",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Python/pythonrun.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-e2ef7a6e",
        "digest": {
            "length": 1222.0,
            "function_hash": "2930002869140741701502748793724985714"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Modules/pyexpat.c",
            "function": "newxmlparseobject"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-eb69eaa8",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Modules/pyexpat.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-ee5ab818",
        "digest": {
            "threshold": 0.9
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Line",
        "target": {
            "file": "Objects/memoryobject.c"
        }
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "id": "PSF-2014-2-fef35419",
        "digest": {
            "length": 467.0,
            "function_hash": "152294807985126837574642261230120935923"
        },
        "source": "https://github.com/python/cpython/commit/985ecdcfc29adfc36ce2339acf03f819ad414869",
        "signature_type": "Function",
        "target": {
            "file": "Objects/object.c",
            "function": "_Py_HashBytes"
        }
    }
]
source
"https://github.com/psf/advisory-database/blob/main/advisories/python/PSF-2014-2.json"