Moderate severityNVD Advisory· Published Dec 27, 2014· Updated May 6, 2026
CVE-2013-5958
CVE-2013-5958
Description
The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
symfony/symfonyPackagist | >= 2.0.0, < 2.0.25 | 2.0.25 |
symfony/symfonyPackagist | >= 2.1.0, < 2.1.13 | 2.1.13 |
symfony/symfonyPackagist | >= 2.2.0, < 2.2.9 | 2.2.9 |
symfony/symfonyPackagist | >= 2.3.0, < 2.3.6 | 2.3.6 |
symfony/polyfillPackagist | >= 1.0.0, < 1.10.0 | 1.10.0 |
symfony/securityPackagist | >= 2.0.0, < 2.0.25 | 2.0.25 |
symfony/securityPackagist | >= 2.1.0, < 2.1.13 | 2.1.13 |
symfony/securityPackagist | >= 2.2.0, < 2.2.9 | 2.2.9 |
symfony/securityPackagist | >= 2.3.0, < 2.3.6 | 2.3.6 |
Affected products
53cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*+ 52 more
- cpe:2.3:a:sensiolabs:symfony:2.0.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.11:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.12:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.13:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.14:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.15:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.16:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.17:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.18:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.19:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.20:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.21:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.22:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.23:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.24:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.0.9:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.10:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.11:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.12:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.7:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.1.9:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.5:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.6:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2.8:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.2:dev:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.0:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.1:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.2:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.3:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.4:*:*:*:*:*:*:*
- cpe:2.3:a:sensiolabs:symfony:2.3.5:*:*:*:*:*:*:*
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
9- symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-releasednvdVendor AdvisoryWEB
- github.com/advisories/GHSA-cr49-fx2v-9p57ghsaADVISORY
- nvd.nist.gov/vuln/detail/CVE-2013-5958ghsaADVISORY
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yamlghsaWEB
- github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yamlghsaWEB
- github.com/symfony/polyfill/pull/155ghsaWEB
- github.com/symfony/symfony/issues/11522ghsaWEB
- symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-releasedghsaWEB
News mentions
0No linked articles in our index yet.