Moderate severity · NVD Advisory · Published Sep 25, 2013 · Updated Apr 29, 2026

CVE-2013-5750

Description

The login form in the FriendsOfSymfony FOSUserBundle bundle before 1.3.3 for Symfony allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation.

Affected packages

Versions sourced from the GitHub Security Advisory.

Package                                   Affected versions     Patched versions
friendsofsymfony/user-bundle (Packagist)  >= 1.2.0, < 1.2.5     1.2.5
friendsofsymfony/user-bundle (Packagist)  >= 1.3.0, < 1.3.3     1.3.3

Affected products

10
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.0.0:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.1.0:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.0:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.1:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.3:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.4:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.2.5:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.0:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:1.3.1:-:-:*:-:symfony:*:*
    • cpe:2.3:a:friends_of_symfony_project:fosuserbundle:*:-:-:*:-:symfony:*:* (range: <=1.3.2)
