#VU110498 Input validation error in PHP - CVE-2005-3883

Cybersecurity Help s.r.o.

Published: 2018-10-30 | Updated: 2025-06-08

Vulnerability identifier: #VU110498

Vulnerability risk: Medium

CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]

CVE-ID: CVE-2005-3883

CWE-ID: CWE-20

Exploitation vector: Network

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a remote non-authenticated attacker to corrupt data.

CRLF injection vulnerability in the mb_send_mail function in PHP before 5.1.0 might allow remote attackers to inject arbitrary e-mail headers via line feeds (LF) in the "To" address argument.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 4.0.6, 4.0.7, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.4, 4.4.1, 5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5

External links
https:ftp://patches.sgi.com/support/free/security/advisories/20060501-01-U.asc
https://bugs.php.net/bug.php?id=35307
https://rhn.redhat.com/errata/RHSA-2006-0276.html
https://secunia.com/advisories/17763
https://secunia.com/advisories/18054
https://secunia.com/advisories/18198
https://secunia.com/advisories/19832
https://secunia.com/advisories/20210
https://secunia.com/advisories/20951
https://securitytracker.com/id?1015296
https://support.avaya.com/elmodocs2/security/ASA-2006-129.htm
https://www.mandriva.com/security/advisories?name=MDKSA-2005:238
https://www.php.net/release_5_1_0.php
https://www.securityfocus.com/archive/1/419504/100/0/threaded
https://www.securityfocus.com/bid/15571
https://www.turbolinux.com/security/2006/TLSA-2006-38.txt
https://www.vupen.com/english/advisories/2006/2685
https://exchange.xforce.ibmcloud.com/vulnerabilities/23270
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A10332
https://www.ubuntu.com/usn/usn-232-1/

Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.

Latest bulletins with this vulnerability

Multiple vulnerabilities in PHP