What is CVE-2016-1902?

CVE-2016-1902 is a high-severity vulnerability in Sensiolabs Symfony, classified under Cryptographic Issues. CVSS score: 7.5/10. Published 2016-06-01.

How severe is CVE-2016-1902?

High severity. CVSS v3 base score is 7.5 out of 10.

Is CVE-2016-1902 known to be exploited?

2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Sensiolabs Symfony

CVE-2016-1902

The nextBytes function in the SecureRandom class in Symfony before 2.3.37, 2.6.x before 2.6.13, and 2.7.x before 2.7.9 does not properly generate random numbers when used with PHP 5.x without the paragonie/random_compat library and the ope…

Vulnerability class: POODLE (CVE-2014-3566)

EPSS: 0.004 (60.8th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 7.5 (High). Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N.

Affected products

Sensiolabs Symfony — versions 2.6.0, 2.6.1, 2.6.2
Debian Debian_linux — versions 8.0
N/a — versions n/a

Weakness classification (CWE)

CWE-310 — Cryptographic Issues

Public proof-of-concept exploits

References

cve@mitre.org (x_refsource_CONFIRM, Vendor Advisory)
cve@mitre.org (x_refsource_CONFIRM, Patch)
cve@mitre.org (x_refsource_MISC)
DSA-3588 (vendor-advisory, x_refsource_DEBIAN)

Frequently asked questions

What is CVE-2016-1902?: CVE-2016-1902 is a high-severity vulnerability in Sensiolabs Symfony, classified under Cryptographic Issues. CVSS score: 7.5/10. Published 2016-06-01.
How severe is CVE-2016-1902?: High severity. CVSS v3 base score is 7.5 out of 10.
Is CVE-2016-1902 known to be exploited?: 2 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.