5

CVE-2010-4156

Exploit
The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
ScottmacLibmbfl Version1.1.0
   PhpPhp Version5.3.0
   PhpPhp Version5.3.1
   PhpPhp Version5.3.2
   PhpPhp Version5.3.3
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 12.79% 0.958
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 5 10 2.9
AV:N/AC:L/Au:N/C:P/I:N/A:N
CWE-20 Improper Input Validation

The product receives input or data, but it does not validate or incorrectly validates that the input has the properties that are required to process the data safely and correctly.

http://www.php.net/ChangeLog-5.php
http://marc.info/?l=bugtraq&m=130331363227777&w=2
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.html
http://lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.html
http://secunia.com/advisories/42812
http://secunia.com/advisories/43189
http://www.redhat.com/support/errata/RHSA-2011-0196.html
http://www.ubuntu.com/usn/USN-1042-1
http://www.vupen.com/english/advisories/2011/0020
http://www.vupen.com/english/advisories/2011/0021
http://www.vupen.com/english/advisories/2011/0077
http://pastie.org/1279428
Patch
http://pastie.org/1279682
Patch
http://secunia.com/advisories/42135
http://www.mandriva.com/security/advisories?name=MDVSA-2010:225
http://www.openwall.com/lists/oss-security/2010/11/07/2
Patch
Exploit
http://www.openwall.com/lists/oss-security/2010/11/08/13
Patch
Exploit
http://www.securityfocus.com/bid/44727
Exploit