Back to search
CVE-2010-4156
Published: Nov 10, 2010
Modified: Aug 7, 2024
PUBLISHED
Description
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
ADV-2011-0077
vdb-entry
x_refsource_VUPEN
FEDORA-2010-19011
vendor-advisory
x_refsource_FEDORA
42812
third-party-advisory
x_refsource_SECUNIA
RHSA-2011:0196
vendor-advisory
x_refsource_REDHAT
HPSBMA02662
vendor-advisory
x_refsource_HP
http://pastie.org/1279428
x_refsource_MISC
USN-1042-1
vendor-advisory
x_refsource_UBUNTU
ADV-2011-0021
vdb-entry
x_refsource_VUPEN
http://www.php.net/ChangeLog-5.php
x_refsource_CONFIRM
44727
vdb-entry
x_refsource_BID
[oss-security] 20101108 Re: CVE Request: PHP 5.3.3, libmbfl, mb_strcut
mailing-list
x_refsource_MLIST
MDVSA-2010:225
vendor-advisory
x_refsource_MANDRIVA
SSRT100409
vendor-advisory
x_refsource_HP
FEDORA-2010-18976
vendor-advisory
x_refsource_FEDORA
ADV-2011-0020
vdb-entry
x_refsource_VUPEN
43189
third-party-advisory
x_refsource_SECUNIA
42135
third-party-advisory
x_refsource_SECUNIA
http://pastie.org/1279682
x_refsource_MISC
[oss-security] 20101107 CVE Request: PHP 5.3.3, libmbfl, mb_strcut
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now