#VU110505 Input validation error in PHP - CVE-2005-3319


| Updated: 2025-06-08

Vulnerability identifier: #VU110505

Vulnerability risk: Low

CVSSv4.0: 1.1 [CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]

CVE-ID: CVE-2005-3319

CWE-ID: CWE-20

Exploitation vector: Local

Exploit availability: No

Vulnerable software:
PHP
Universal components / Libraries / Scripting languages

Vendor: PHP Group

Description

The vulnerability allows a local user to perform service disruption.

The apache2handler SAPI (sapi_apache2.c) in the Apache module (mod_php) for PHP 5.x before 5.1.0 final and 4.4 before 4.4.1 final allows attackers to cause a denial of service (segmentation fault) via the session.save_path option in a .htaccess file or VirtualHost.

Mitigation
Install update from vendor's website.

Vulnerable software versions

PHP: 4.0.0, 4.0.1, 4.0.2, 4.0.3, 4.0.4, 4.0.5, 4.0.6, 4.0.7, 4.1, 4.1.1, 4.1.2, 4.2, 4.2.1, 4.2.2, 4.2.3, 4.3, 4.3.1, 4.3.2, 4.3.3, 4.3.4, 4.3.5, 4.3.6, 4.3.7, 4.3.8, 4.3.9, 4.3.10, 4.3.11, 4.4, 5, 5.0.0, 5.0.1, 5.0.2, 5.0.3, 5.0.4, 5.0.5

External links
https://archives.neohapsis.com/archives/fulldisclosure/2005-10/0491.html
https://bugs.gentoo.org/show_bug.cgi?id=107602
https://docs.info.apple.com/article.html?artnum=303382
https://itrc.hp.com/service/cki/docDisplay.do?docId=c00786522
https://lists.apple.com/archives/security-announce/2006/Mar/msg00000.html
https://marc.info/?l=bugtraq&m=113019286208204&w=2
https://secunia.com/advisories/17510
https://secunia.com/advisories/17557
https://secunia.com/advisories/18198
https://secunia.com/advisories/19064
https://secunia.com/advisories/22691
https://securityreason.com/securityalert/525
https://www.gentoo.org/security/en/glsa/glsa-200511-08.xml
https://www.mandriva.com/security/advisories?name=MDKSA-2005:213
https://www.osvdb.org/20491
https://www.securityfocus.com/bid/15177
https://www.securityfocus.com/bid/16907
https://www.us-cert.gov/cas/techalerts/TA06-062A.html
https://www.vupen.com/english/advisories/2006/0791
https://www.vupen.com/english/advisories/2006/4320
https://exchange.xforce.ibmcloud.com/vulnerabilities/22844
https://www.ubuntu.com/usn/usn-232-1/

Q & A

Can this vulnerability be exploited remotely?

No. This vulnerability can be exploited locally. The attacker should have authentication credentials and successfully authenticate on the system.

Is there known malware, which exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


Latest bulletins with this vulnerability


Multiple vulnerabilities in PHP
Gentoo update for PHP