CVE-2013-5958 – symfony/security
Package
Manager: composer
Name: symfony/security
Vulnerable Version: >=2.0.0 <2.0.25 || >=2.1.0 <2.1.13 || >=2.2.0 <2.2.9 || >=2.3.0 <2.3.6
Severity
Level: Medium
CVSS v3.1: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N/E:P/RL:O/RC:C
CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:L/UI:N/VC:L/VI:N/VA:N/SC:N/SI:N/SA:N
EPSS: 0.00474 (percentile: 0.63805)
Details
Symfony Denial of Service Via Long Password Hashing
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
Metadata
Created: 2022-05-17T04:19:02Z
Modified: 2024-04-25T22:07:30Z
Source: https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr49-fx2v-9p57/GHSA-cr49-fx2v-9p57.json
CWE IDs: ["CWE-789"]
Alternative ID: GHSA-cr49-fx2v-9p57
Finding: F063
Auto approve: 1