Prevent Hash DoS in python

open source projects

Denial of Service through hash table multi-collisions or Hash DoS has been first reported in 28-Dec-2011 [1].

Python and Ruby are partially vulnerable, depending on version or whether the server running the code is a 32 bit or 64 bit machine. Python 2 by default does not provide random value for PYTHONHASHSEED [2] though it’s behaviour is changed in python 3 [3] which means it has random as it default value.

References

[1]https://web.archive.org/web/20140606214923/https://www.nruns.com/_downloads/advisory28122011.pdf
[2]http://docs.python.org/2/using/cmdline.html#envvar-PYTHONHASHSEED
[3]http://docs.python.org/3/using/cmdline.html#envvar-PYTHONHASHSEED

Saurabh Kumar

Leave A Reply

Your email address will not be published.