Launchpad CVE tracker

CVE 2010-4156

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

Related bugs and status

CVE-2010-4156 (Candidate) is related to these bugs:

Bug #682501: php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?

Summary				In	Importance	Status
	682501	php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?		php5 (Ubuntu)	Undecided	Incomplete
	682501	php5 5.3.3-1 causing segfaults -> 5.3.3-4 backport for maverick?		php	Undecided	New

Bug #697181: DoS: Infinite loop processing 2.2250738585072011e-308

		In	Importance	Status
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php	Unknown	Unknown
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu Lucid)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu Maverick)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Ubuntu Natty)	Undecided	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Fedora)	Medium	Fix Released
697181	DoS: Infinite loop processing 2.2250738585072011e-308	php5 (Debian)	Unknown	Fix Released

See the

CVE page on Mitre.org for more details.

Launchpad.net

CVE 2010-4156

References