CVE-2013-5958: Uncontrolled Resource Consumption

December 27, 2014 (updated December 29, 2014)

The Security component in Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.

References

symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

Code Behaviors & Features

Detect and mitigate CVE-2013-5958 with GitLab Dependency Scanning

Secure your software supply chain by verifying that all open source dependencies used in your projects contain no disclosed vulnerabilities. Learn more about Dependency Scanning →