CVE-2014-5244: Regex Denial of Service in Http-foundation

Severity: HIGH (no vector)
EPSS: No EPSS data
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published May 30

Description

Symfony vulnerable to denial of service via a malicious HTTP Host header

All 2.0.X, 2.1.X, 2.2.X, 2.3.X, 2.4.X, and 2.5.X versions of the Symfony HttpFoundation component are affected by this security issue. This issue has been fixed in Symfony 2.3.19, 2.4.9, and 2.5.4. Note that no fixes are provided for Symfony 2.0, 2.1, and 2.2 as they are no longer maintained.

Description

When an arbitrarily long hostname is sent by a client, its parsing in `Request::getHost()` can lead to a DoS attack,

Affected Packages (2 packages)

Packagist | symfony/http-foundation | 2.0.0 | 2.3.19 (+2)
Packagist | symfony/symfony | 2.0.0 | 2.3.19 (+2)

Vulnerability Details (2)

OSV: Symfony vulnerable to denial of service via a malicious HTTP Host header (2024-05-30)
GHSA: Symfony vulnerable to denial of service via a malicious HTTP Host header (2024-05-30)