|
|
php.net | support | documentation | report a bug | advanced search | search howto | statistics | random bug | login |
PatchesPull RequestsHistoryAllCommentsChangesGit/SVN commits
[2010-11-09 04:22 UTC] moriyoshi@php.net
-PHP Version: Irrelevant
+PHP Version: 5.3 and above.
[2010-11-09 04:23 UTC] moriyoshi@php.net
[2010-11-09 09:47 UTC] aharvey@php.net
-Status: Open
+Status: Assigned
-Assigned To:
+Assigned To: moriyoshi
[2010-11-09 09:47 UTC] aharvey@php.net
[2010-11-10 15:51 UTC] pajoye@php.net
-Status: Assigned
+Status: Closed
[2010-11-10 15:51 UTC] pajoye@php.net
[2010-11-16 21:30 UTC] felipe@php.net
-CVE-ID:
+CVE-ID: 2010-4156
[2010-11-22 15:27 UTC] felipe@php.net
-Type: Bug
+Type: Security
|
|||||||||||||||||||||||||||||||||
Copyright © 2001-2025 The PHP GroupAll rights reserved. |
Last updated: Wed Oct 22 05:00:01 2025 UTC |
Description: ------------ mb_strcut() returns garbage when the following conditions are met: 1. The value specified to length parameter exceeds the length of the subject string. 2. mbstring.internal_encoding is set to some single-byte encoding. The garbage may consist of uncleared part of the heap that has previously been used for some purpose, which could lead to unexpected information exposure. This bug was originally reported by Mateusz Kocielski. Test script: --------------- <?php $b = "bbbbbbbbbbb"; str_repeat("THIS IS A SECRET MESSAGE, ISN'T IT?", 1); $var3 = mb_strcut($b, 0, 1000); echo $var3; ?> Expected result: ---------------- bbbbbbbbbbb Actual result: -------------- bbbbbbbbbbb??????D$Ј=m???=m?(?=m?`?=m??5<m??=m?THIS IS A SECRET MESSAGE, ISN'T IT??g?1@?=m?(?=m???=m?p?=m?var3