Lucene search
K

Alibaba Cloud Linux 3 : 0181: php:7.4 (ALINUX3-SA-2026:0181)

🗓️ 09 Jul 2026 00:00:00Reported by TenableType 
nessus
 nessus
🔗 www.tenable.com👁 2 Views

Alibaba Cloud Linux 3 PHP updates fix CVEs 2026-6722, -6735, -7258, -7261 (RCE, XSS, DoS).

Related
Refs
Code
ReporterTitlePublishedViews
Family
ATTACKERKB
CVE-2026-6735
10 May 202603:27
attackerkb
ATTACKERKB
CVE-2026-6722
10 May 202604:19
attackerkb
ATTACKERKB
CVE-2026-7568
10 May 202603:42
attackerkb
ATTACKERKB
CVE-2026-7261
10 May 202604:07
attackerkb
ATTACKERKB
CVE-2026-7258
10 May 202604:28
attackerkb
ATTACKERKB
CVE-2026-7262
10 May 202604:00
attackerkb
Tenable Nessus
Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2026-1726)
26 May 202600:00
nessus
Tenable Nessus
Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2026-1727)
26 May 202600:00
nessus
Tenable Nessus
Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2026-1728)
27 May 202600:00
nessus
Tenable Nessus
Amazon Linux 2023 : php8.5, php8.5-bcmath, php8.5-cli (ALAS2023-2026-1733)
27 May 202600:00
nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Alibaba Cloud Linux Security Advisory ALINUX3-SA-2026:0181.
##

include('compat.inc');

if (description)
{
  script_id(325922);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/07/09");

  script_cve_id(
    "CVE-2026-6722",
    "CVE-2026-6735",
    "CVE-2026-7258",
    "CVE-2026-7261",
    "CVE-2026-7262",
    "CVE-2026-7568"
  );

  script_name(english:"Alibaba Cloud Linux 3 : 0181: php:7.4 (ALINUX3-SA-2026:0181)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Alibaba Cloud Linux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced
in the ALINUX3-SA-2026:0181 advisory.

    Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities:

    CVE-2026-6722:
    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the
    SOAP extension's object deduplication mechanism stores pointers to PHP objects in a global mapwithout
    incrementing their reference counts. When an apache:Map node contains duplicate keys, processing the
    second entry overwrites the first in the temporary result map, freeing the original PHP object while its
    stale pointer remains in the map. A subsequent href reference to the freed node can copy the dangling
    pointer into the result. As PHP string allocations can reclaim the freed memory region, an attacker with
    control over the SOAP request body can exploit this use-after-free to achieve remote code execution.

    CVE-2026-6735:
    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, 8.5.* before 8.5.6, due to
    improper sanitation of user data, itallows an attacker to compose an URL, which will cause the target to
    execute arbitrary JavaScript code (XSS) on the target's machine when the target is viewing thePHP-FPM
    status page.

    CVE-2026-7258:
    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6,
    some functions, including urldecode(), pass signed char to ctype functions (likeisxdigit()). On the
    systems with default signed char and optimized table-lookup ctype functions - such as NetBSD - this can
    lead to accessing array with negative offset, whichcan trigger a denial of service.

    CVE-2026-7261:
    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6,
    when SoapServer is configured with SOAP_PERSISTENCE_SESSION, the handler object is persisted across
    requests via session storage. However, in the case SOAP requests results in an error, the persistance is
    handled incorrectly, resulting in freeing the object while keeping a pointer to it, which may lead to use-
    after-free. This may lead to memory corruption, information disclosure, or process crashes, with
    confidentiality, integrity, and availability impact on the vulnerable system.

    CVE-2026-7262:
    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6,
    when a SOAP server has a typemap configured, the decoding process contains a mistake which checks the
    wrong variable in case of missing value element. This leads todereferences a NULL pointer, causing a
    segmentation fault. This allows a remote unauthenticated attacker to crash the PHP SOAP server process,
    resulting in denial of service.

    CVE-2026-7568:
    In PHP versions 8.2.* before 8.2.31, 8.3.* before 8.3.31, 8.4.* before 8.4.21, and 8.5.* before 8.5.6, the
    metaphone() function in ext/standard/metaphone.c uses a signed int variable to track the current position
    within the input string. If a string longer than 2,147,483,647 bytes is passed, a signed integer overflow
    occurs, resulting in undefined behavior. This can lead to an out-of-bounds read, causing a segmentation
    fault or access to unrelated memory, and may affect the availability of the PHP process.

Tenable has extracted the preceding description block directly from the Alibaba Cloud Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"http://mirrors.aliyun.com/alinux/3/cve/alinux3-sa-20260181.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:H/VI:H/VA:H/SC:H/SI:H/SA:H");
  script_set_attribute(attribute:"cvss4_supplemental", value:"CVSS:4.0/AU:Y/RE:M/U:Red");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2026-7261");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2026-6722");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2026/05/06");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/07/06");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/07/09");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-ffi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-json");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:alibabacloud:alibaba_cloud_linux_3:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:alibabacloud:alibaba_cloud_linux_3");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Alibaba Cloud Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/Alibaba/release", "Host/Alibaba/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Alibaba Cloud Linux' >!< os_product) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Alibaba Cloud Linux');
if (! preg(pattern:"^3([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'Alibaba Cloud Linux 3.x', 'Alibaba Cloud Linux ' + os_version);

if (!get_kb_item('Host/Alibaba/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'x86_64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Alibaba Cloud Linux', cpu);

var constraints = [
  {
    'release': '3',
    'pkgs': [
      {'reference':'php-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-dba-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-dba-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-dbg-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-dbg-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-devel-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-devel-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-embedded-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-embedded-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-enchant-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-enchant-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ffi-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ffi-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-fpm-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-fpm-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gmp-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gmp-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-intl-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-intl-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-json-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-json-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysqlnd-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysqlnd-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-opcache-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-opcache-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-process-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-process-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-snmp-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-snmp-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-7.4.33-4.0.1.al8', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-7.4.33-4.0.1.al8', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-dba / php-dbg / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

09 Jul 2026 00:00Current
6.4Medium risk
Vulners AI Score6.4
CVSS 3.17.7 - 9.8
CVSS 49.5
EPSS0.0078
SSVC
2