GHSA-cr49-fx2v-9p57

Source
https://github.com/advisories/GHSA-cr49-fx2v-9p57
Import Source
https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr49-fx2v-9p57/GHSA-cr49-fx2v-9p57.json
JSON Data
https://api.osv.dev/v1/vulns/GHSA-cr49-fx2v-9p57
Aliases
  • CVE-2013-5958
Published
2022-05-17T04:19:02Z
Modified
2024-12-08T05:28:14.866258Z
Summary
Symfony Denial of Service Via Long Password Hashing
Details

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

Database specific
{
    "nvd_published_at": "2014-12-27T18:59:00Z",
    "cwe_ids": [
        "CWE-789"
    ],
    "severity": "MODERATE",
    "github_reviewed": true,
    "github_reviewed_at": "2024-04-25T22:04:14Z"
}
References

Affected packages

Packagist / symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony/symfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.25

Affected versions

2.*

2.0.4
2.0.5
2.0.6
2.0.7

v2.*

v2.0.9
v2.0.10
v2.0.11
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24

Packagist / symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony/symfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.13

Affected versions

v2.*

v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12

Packagist / symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony/symfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.9

Affected versions

v2.*

v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8

Packagist / symfony/symfony

Package

Name
symfony/symfony
Purl
pkg:composer/symfony/symfony

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.6

Affected versions

v2.*

v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5

Packagist / symfony/polyfill

Package

Name
symfony/polyfill
Purl
pkg:composer/symfony/polyfill

Affected ranges

Type
ECOSYSTEM
Events
Introduced
1.0.0
Fixed
1.10.0

Affected versions

v1.*

v1.0.0
v1.0.1
v1.1.0
v1.1.1
v1.2.0
v1.3.0
v1.3.1
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.8.0
v1.9.0

Packagist / symfony/security

Package

Name
symfony/security
Purl
pkg:composer/symfony/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.0.0
Fixed
2.0.25

Affected versions

2.*

2.0.4
2.0.5
2.0.6
2.0.7

v2.*

v2.0.9
v2.0.10
v2.0.12
v2.0.13
v2.0.14
v2.0.15
v2.0.16
v2.0.17
v2.0.18
v2.0.19
v2.0.20
v2.0.21
v2.0.22
v2.0.23
v2.0.24

Packagist / symfony/security

Package

Name
symfony/security
Purl
pkg:composer/symfony/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.1.0
Fixed
2.1.13

Affected versions

v2.*

v2.1.0
v2.1.1
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.1.10
v2.1.11
v2.1.12

Packagist / symfony/security

Package

Name
symfony/security
Purl
pkg:composer/symfony/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.2.0
Fixed
2.2.9

Affected versions

v2.*

v2.2.0
v2.2.1
v2.2.2
v2.2.3
v2.2.4
v2.2.5
v2.2.6
v2.2.7
v2.2.8

Packagist / symfony/security

Package

Name
symfony/security
Purl
pkg:composer/symfony/security

Affected ranges

Type
ECOSYSTEM
Events
Introduced
2.3.0
Fixed
2.3.6

Affected versions

v2.*

v2.3.0
v2.3.1
v2.3.2
v2.3.3
v2.3.4
v2.3.5