{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"moderate"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2013-7040","title":"Title"},{"category":"description","text":"Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2013-7040","url":"https://www.suse.com/security/cve/CVE-2013-7040"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 854477 for CVE-2013-7040","url":"https://bugzilla.suse.com/854477"}],"title":"SUSE CVE CVE-2013-7040","tracking":{"current_release_date":"2026-01-01T02:33:22Z","generator":{"date":"2023-02-15T05:33:35Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2013-7040","initial_release_date":"2023-02-15T05:33:35Z","revision_history":[{"date":"2023-02-15T05:33:35Z","number":"2","summary":"Current version"},{"date":"2025-03-16T12:32:39Z","number":"3","summary":"Current version"},{"date":"2026-01-01T02:33:22Z","number":"4","summary":"unknown changes"}],"status":"interim","version":"4"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp1"}}},{"category":"product_name","name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product":{"name":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata","product_identification_helper":{"cpe":"cpe:/o:suse:suse_sles_teradata:11:sp3"}}},{"category":"product_version","name":"python","product":{"name":"python","product_id":"python","product_identification_helper":{"cpe":"cpe:2.3:a:python_software_foundation:cpython:*:*:*:*:*:*:*:*","purl":"pkg:rpm/suse/python@?upstream=python.src.rpm"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"python as component of SUSE Linux Enterprise Server 11 SP1 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP1 for Teradata:python"},"product_reference":"python","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP1 for Teradata"},{"category":"default_component_of","full_product_name":{"name":"python as component of SUSE Linux Enterprise Server 11 SP3 for Teradata","product_id":"SUSE Linux Enterprise Server 11 SP3 for Teradata:python"},"product_reference":"python","relates_to_product_reference":"SUSE Linux Enterprise Server 11 SP3 for Teradata"}]},"vulnerabilities":[{"cve":"CVE-2013-7040","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2013-7040"}],"notes":[{"category":"general","text":"Python 2.7 before 3.4 only uses the last eight bits of the prefix to randomize hash values, which causes it to compute hash values without restricting the ability to trigger hash collisions predictably and makes it easier for context-dependent attackers to cause a denial of service (CPU consumption) via crafted input to an application that maintains a hash table.  NOTE: this vulnerability exists because of an incomplete fix for CVE-2012-1150.","title":"CVE description"}],"product_status":{"known_affected":["SUSE Linux Enterprise Server 11 SP1 for Teradata:python","SUSE Linux Enterprise Server 11 SP3 for Teradata:python"]},"references":[{"category":"external","summary":"CVE-2013-7040","url":"https://www.suse.com/security/cve/CVE-2013-7040"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 854477 for CVE-2013-7040","url":"https://bugzilla.suse.com/854477"}],"threats":[{"category":"impact","date":"2013-12-11T15:06:48Z","details":"moderate"}],"title":"CVE-2013-7040"}]}