VulnerableCode Vulnerability Details - VCID-7gbe-9xtx-2bdr

Search for vulnerabilities

Vulnerability details: VCID-7gbe-9xtx-2bdr

Essentials
Severities (10)
References (10)
Severity details (9)
Exploits (0)
EPSS
History (1)

Vulnerability ID	VCID-7gbe-9xtx-2bdr
Aliases	CVE-2013-5958 GHSA-cr49-fx2v-9p57
Summary	Symfony Denial of Service Via Long Password Hashing The Security component in Symfony 2.0.x before 2.0.25, 2.1.x before 2.1.13, 2.2.x before 2.2.9, and 2.3.x before 2.3.6 allows remote attackers to cause a denial of service (CPU consumption) via a long password that triggers an expensive hash computation, as demonstrated by a PBKDF2 computation, a similar issue to CVE-2013-5750.
Status	Published
Exploitability	0.5
Weighted Severity	6.2
Risk	3.1
Affected and Fixed Packages	Package Details

Weaknesses (4)

CWE-789	Memory Allocation with Excessive Size Value
CWE-1035	OWASP Top Ten 2017 Category A9 - Using Components with Known Vulnerabilities
CWE-399	Resource Management Errors
CWE-937	OWASP Top Ten 2013 Category A9 - Using Components with Known Vulnerabilities

System	Score	Found at
epss	0.00474	https://api.first.org/data/v1/epss?cve=CVE-2013-5958
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml
generic_textual	MODERATE	https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml
generic_textual	MODERATE	https://github.com/symfony/polyfill/pull/155
generic_textual	MODERATE	https://github.com/symfony/symfony
generic_textual	MODERATE	https://github.com/symfony/symfony/issues/11522
generic_textual	MODERATE	https://nvd.nist.gov/vuln/detail/CVE-2013-5958
generic_textual	MODERATE	https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released
generic_textual	MODERATE	http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

Reference id	Reference type	URL
		https://api.first.org/data/v1/epss?cve=CVE-2013-5958
		https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/polyfill/CVE-2013-5958.yaml
		https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/security/CVE-2013-5958.yaml
		https://github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2013-5958.yaml
		https://github.com/symfony/polyfill/pull/155
		https://github.com/symfony/symfony
		https://github.com/symfony/symfony/issues/11522
		https://nvd.nist.gov/vuln/detail/CVE-2013-5958
		https://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released
		http://symfony.com/blog/security-releases-cve-2013-5958-symfony-2-0-25-2-1-13-2-2-9-and-2-3-6-released

No exploits are available.

Exploit Prediction Scoring System (EPSS)

Percentile	0.63751
EPSS Score	0.00474
Published At	June 30, 2025, 12:55 p.m.

Date	Actor	Action	Source	VulnerableCode Version
2025-07-01T12:30:32.396748+00:00	GithubOSV Importer	Import	https://github.com/github/advisory-database/blob/main/advisories/github-reviewed/2022/05/GHSA-cr49-fx2v-9p57/GHSA-cr49-fx2v-9p57.json	36.1.3