Lucene search

K

GoogleOSV:GHSA-R2RQ-3H56-FQM4

HistoryMay 14, 2022 - 1:14 a.m.

Symfony DoS

2022-05-1401:14:36

Google

osv.dev

7

symfony

httpfoundation

pdosessionhandler

denial of service

2.7.x

2.8.x

3.3.x

3.4.x

4.0.x

pdo connection

security vulnerability

application

dos

EPSS

0.006

Percentile

77.7%

An issue was discovered in the HttpFoundation component in Symfony 2.7.x before 2.7.48, 2.8.x before 2.8.41, 3.3.x before 3.3.17, 3.4.x before 3.4.11, and 4.0.x before 4.0.11. The PDOSessionHandler class allows storing sessions on a PDO connection. Under some configurations and with a well-crafted payload, it was possible to do a denial of service on a Symfony application without too much resources.

References

github.com/FriendsOfPHP/security-advisories/blob/master/symfony/http-foundation/CVE-2018-11386.yaml

github.com/FriendsOfPHP/security-advisories/blob/master/symfony/symfony/CVE-2018-11386.yaml

github.com/symfony/symfony

lists.fedoraproject.org/archives/list/[email protected]/message/G4XNBMFW33H47O5TZGA7JYCVLDBCXAJV

lists.fedoraproject.org/archives/list/[email protected]/message/UBQK7JDXIELADIPGZIOUCZKMAJM5LSBW

lists.fedoraproject.org/archives/list/[email protected]/message/WU5N2TZFNGXDGMXMPP7LZCWTFLENF6WH

nvd.nist.gov/vuln/detail/CVE-2018-11386

symfony.com/blog/cve-2018-11386-denial-of-service-when-using-pdosessionhandler

symfony.com/cve-2018-11386

www.debian.org/security/2018/dsa-4262

EPSS

0.006

Percentile

77.7%

Related for OSV:GHSA-R2RQ-3H56-FQM4

prion1 cve1 veracode1 symfony1 nvd1 cvelist1 osv2 debiancve1 friendsofphp2 github1 ubuntucve1 nessus6 fedora6 openvas5 debian1