Unrated severityNVD Advisory· Published Nov 10, 2010· Updated Apr 29, 2026

CVE-2010-4156

Description

The mb_strcut function in Libmbfl 1.1.0, as used in PHP 5.3.x through 5.3.3, allows context-dependent attackers to obtain potentially sensitive information via a large value of the third parameter (aka the length parameter).

Affected products

Scottmac/Libmbfl
cpe:2.3:a:scottmac:libmbfl:1.1.0:*:*:*:*:*:*:*

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

pastie.org/1279428nvdPatch
pastie.org/1279682nvdPatch
www.openwall.com/lists/oss-security/2010/11/07/2nvdExploitPatch
www.openwall.com/lists/oss-security/2010/11/08/13nvdExploitPatch
www.securityfocus.com/bid/44727nvdExploit
lists.fedoraproject.org/pipermail/package-announce/2011-January/052836.htmlnvd
lists.fedoraproject.org/pipermail/package-announce/2011-January/052845.htmlnvd
marc.infonvd
secunia.com/advisories/42135nvd
secunia.com/advisories/42812nvd
secunia.com/advisories/43189nvd
www.mandriva.com/security/advisoriesnvd
www.php.net/ChangeLog-5.phpnvd
www.redhat.com/support/errata/RHSA-2011-0196.htmlnvd
www.ubuntu.com/usn/USN-1042-1nvd
www.vupen.com/english/advisories/2011/0020nvd
www.vupen.com/english/advisories/2011/0021nvd
www.vupen.com/english/advisories/2011/0077nvd

News mentions

No linked articles in our index yet.

cvss	0.000
epss	0.008
exploit	0.030
kev	0.000
patch	0.000
ransomware	0.000