Lucene search

K
ubuntucveUbuntu.comUB:CVE-2010-4156
HistoryNov 09, 2010 - 12:00 a.m.

CVE-2010-4156

2010-11-0900:00:00
ubuntu.com
ubuntu.com
10

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.1%

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through
5.3.3, allows context-dependent attackers to obtain potentially sensitive
information via a large value of the third parameter (aka the length
parameter).

Bugs

Notes

Author Note
sbeattie does not affect lucid, as the version of libmbfl in that version is 1.0.2; see ext/mbstring/libmbfl/configure.in
OSVersionArchitecturePackageVersionFilename
ubuntu10.10noarchphp5< 5.3.3-1ubuntu9.2UNKNOWN

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:N/A:N

0.012 Low

EPSS

Percentile

85.1%