CVE-2013-5958
Symfony Denial of Service Via Long Password Hashing
EPSS 0.47%
Description
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
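The following is an added illustration of the failure mode described above, not Symfony's code: a PBKDF2 loop written the way a userland encoder typically writes it (one HMAC call per iteration, password as the HMAC key) beside a hardened encoder that rejects over-long input before doing any hashing. The 4096-byte cap is this example's assumption, chosen to mirror the limit Symfony adopted in its fix; the salt and sample passwords are constructed inline.

```python
import hashlib
import hmac
import struct
import time

# Assumed cap for this example; mirrors the limit Symfony's fix adopted.
MAX_PASSWORD_LENGTH = 4096


def naive_pbkdf2(password: bytes, salt: bytes, iterations: int,
                 length: int = 32, algo: str = "sha256") -> bytes:
    """PBKDF2 (RFC 2898) written as an explicit per-iteration HMAC loop.

    Each hmac.new() call takes the password as the HMAC key, and HMAC must
    hash a key longer than its block size before use, so the cost of this
    loop grows with len(password) * iterations. That is the behaviour the
    advisory describes; hashlib.pbkdf2_hmac preprocesses the key only once.
    """
    out = b""
    block = 1
    while len(out) < length:
        u = hmac.new(password, salt + struct.pack(">I", block), algo).digest()
        t = u
        for _ in range(iterations - 1):
            u = hmac.new(password, u, algo).digest()
            t = bytes(a ^ b for a, b in zip(t, u))
        out += t
        block += 1
    return out[:length]


def matches_reference(password: bytes, salt: bytes, iterations: int) -> bool:
    """Sanity check: the loop above must agree with the library PBKDF2."""
    return naive_pbkdf2(password, salt, iterations) == \
        hashlib.pbkdf2_hmac("sha256", password, salt, iterations, 32)


def vulnerable_encode(raw: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """Hashes whatever it is given: an attacker-chosen multi-megabyte
    'password' turns every login attempt into a long CPU burn."""
    return naive_pbkdf2(raw, salt, iterations)


def is_password_length_ok(raw: bytes) -> bool:
    return len(raw) <= MAX_PASSWORD_LENGTH


class PasswordTooLongError(ValueError):
    pass


def hardened_encode(raw: bytes, salt: bytes, iterations: int = 1000) -> bytes:
    """Same hash, but the length is checked before any expensive work."""
    if not is_password_length_ok(raw):
        raise PasswordTooLongError(
            f"password longer than {MAX_PASSWORD_LENGTH} bytes rejected")
    return naive_pbkdf2(raw, salt, iterations)


def hardened_is_valid(encoded: bytes, raw: bytes, salt: bytes,
                      iterations: int = 1000) -> bool:
    """Verification path: an over-long candidate is simply invalid (no hashing
    at all), and the digest comparison is constant-time."""
    if not is_password_length_ok(raw):
        return False
    return hmac.compare_digest(encoded, naive_pbkdf2(raw, salt, iterations))


def timing_ratio(short_len: int = 8, long_len: int = 256 * 1024,
                 iterations: int = 100) -> float:
    """How many times longer the vulnerable path takes for a long password
    than for a short one at the same iteration count (constructed inputs)."""
    salt = b"constructed-salt"
    start = time.perf_counter()
    vulnerable_encode(b"a" * short_len, salt, iterations)
    short = time.perf_counter() - start
    start = time.perf_counter()
    vulnerable_encode(b"a" * long_len, salt, iterations)
    long = time.perf_counter() - start
    return long / short


if __name__ == "__main__":
    print(f"long/short cost ratio on the vulnerable path: {timing_ratio():.0f}x")
    try:
        hardened_encode(b"a" * (MAX_PASSWORD_LENGTH + 1), b"salt")
    except PasswordTooLongError as exc:
        print("hardened encoder:", exc)
```

The point of the hardened version is where the check sits: it runs before the first HMAC call, on both the encode and the verify path, so an oversized submission costs one length comparison rather than iterations times the size of the input. A cap of a few kilobytes is far above any real password and costs legitimate users nothing.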
How to fix CVE-2013-5958
To remediate CVE-2013-5958, upgrade the affected package to one of the fixed versions listed below. Note that the description above gives a fixed release for each affected branch (2.0.25, 2.1.13, 2.2.9 and 2.3.6); the 2.0.25 entries below cover only the 2.0 branch, so pick the first fixed release of the branch you are actually running.
- Packagist/symfony/polyfill—upgrade to 1.10.0 or later
- —upgrade to 2.0.25 or later
- —upgrade to 2.0.25 or later
Is CVE-2013-5958 being exploited?
Low. The EPSS score is 0.47%, the estimated probability that this vulnerability is exploited in the wild within the next 30 days, so widespread exploitation is not expected. EPSS is a prediction, not a record of observed attacks, and a low score does not mean an exposed login form cannot be tied up by a single client sending oversized passwords.
Affected packages (3)
- >= 1.0.0, < 1.10.0
- >= 2.0.0, < 2.0.25
- >= 2.0.0, < 2.0.25