CVE Vulnerabilities

CVE-2013-5958

Published: Dec 27, 2014 | Modified: Dec 29, 2014
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:N/I:N/A:P
RedHat/V2
RedHat/V3
Ubuntu

The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

Affected Software

Name Vendor Start Version End Version
Symfony Sensiolabs 2.0.0 (including) 2.0.0 (including)
Symfony Sensiolabs 2.0.1 (including) 2.0.1 (including)
Symfony Sensiolabs 2.0.2 (including) 2.0.2 (including)
Symfony Sensiolabs 2.0.3 (including) 2.0.3 (including)
Symfony Sensiolabs 2.0.4 (including) 2.0.4 (including)
Symfony Sensiolabs 2.0.5 (including) 2.0.5 (including)
Symfony Sensiolabs 2.0.6 (including) 2.0.6 (including)
Symfony Sensiolabs 2.0.7 (including) 2.0.7 (including)
Symfony Sensiolabs 2.0.8 (including) 2.0.8 (including)
Symfony Sensiolabs 2.0.9 (including) 2.0.9 (including)
Symfony Sensiolabs 2.0.10 (including) 2.0.10 (including)
Symfony Sensiolabs 2.0.11 (including) 2.0.11 (including)
Symfony Sensiolabs 2.0.12 (including) 2.0.12 (including)
Symfony Sensiolabs 2.0.13 (including) 2.0.13 (including)
Symfony Sensiolabs 2.0.14 (including) 2.0.14 (including)
Symfony Sensiolabs 2.0.15 (including) 2.0.15 (including)
Symfony Sensiolabs 2.0.16 (including) 2.0.16 (including)
Symfony Sensiolabs 2.0.17 (including) 2.0.17 (including)
Symfony Sensiolabs 2.0.18 (including) 2.0.18 (including)
Symfony Sensiolabs 2.0.19 (including) 2.0.19 (including)
Symfony Sensiolabs 2.0.20 (including) 2.0.20 (including)
Symfony Sensiolabs 2.0.21 (including) 2.0.21 (including)
Symfony Sensiolabs 2.0.22 (including) 2.0.22 (including)
Symfony Sensiolabs 2.0.23 (including) 2.0.23 (including)
Symfony Sensiolabs 2.0.24 (including) 2.0.24 (including)
Symfony Sensiolabs 2.1.0 (including) 2.1.0 (including)
Symfony Sensiolabs 2.1.1 (including) 2.1.1 (including)
Symfony Sensiolabs 2.1.2 (including) 2.1.2 (including)
Symfony Sensiolabs 2.1.3 (including) 2.1.3 (including)
Symfony Sensiolabs 2.1.4 (including) 2.1.4 (including)
Symfony Sensiolabs 2.1.5 (including) 2.1.5 (including)
Symfony Sensiolabs 2.1.6 (including) 2.1.6 (including)
Symfony Sensiolabs 2.1.7 (including) 2.1.7 (including)
Symfony Sensiolabs 2.1.8 (including) 2.1.8 (including)
Symfony Sensiolabs 2.1.9 (including) 2.1.9 (including)
Symfony Sensiolabs 2.1.10 (including) 2.1.10 (including)
Symfony Sensiolabs 2.1.11 (including) 2.1.11 (including)
Symfony Sensiolabs 2.1.12 (including) 2.1.12 (including)
Symfony Sensiolabs 2.2-dev (including) 2.2-dev (including)
Symfony Sensiolabs 2.2.0 (including) 2.2.0 (including)
Symfony Sensiolabs 2.2.1 (including) 2.2.1 (including)
Symfony Sensiolabs 2.2.2 (including) 2.2.2 (including)
Symfony Sensiolabs 2.2.3 (including) 2.2.3 (including)
Symfony Sensiolabs 2.2.4 (including) 2.2.4 (including)
Symfony Sensiolabs 2.2.5 (including) 2.2.5 (including)
Symfony Sensiolabs 2.2.6 (including) 2.2.6 (including)
Symfony Sensiolabs 2.2.8 (including) 2.2.8 (including)
Symfony Sensiolabs 2.3.0 (including) 2.3.0 (including)
Symfony Sensiolabs 2.3.1 (including) 2.3.1 (including)
Symfony Sensiolabs 2.3.2 (including) 2.3.2 (including)
Symfony Sensiolabs 2.3.3 (including) 2.3.3 (including)
Symfony Sensiolabs 2.3.4 (including) 2.3.4 (including)
Symfony Sensiolabs 2.3.5 (including) 2.3.5 (including)

References