MiracleLinux 7 : php-5.4.16-48.0.11.el7.AXS7 (AXSA:2025-10916:10)

🗓️ 13 Jan 2026 00:00:00Reported by TenableType

MiracleLinux 7 PHP package vulnerable to Oniguruma issues CVE-2017-9224/9226/9227 AXSA-2025-10916.

Reporter	Title	Published	Views	Family All 183
IBM Security Bulletins	Security Bulletin: Vulnerabilities in php53 affect IBM BladeCenter Advanced Management Module (AMM) (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)	14 Apr 202314:32	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple vulnerabilities in php5 affect IBM Flex System Manager (FSM) (CVE-2017-9227, CVE-2017-9226 CVE-2017-9224)	18 Jun 201801:38	–	ibm
IBM Security Bulletins	Security Bulletin: Vulnerabilities in PHP affect IBM Chassis Management Module (CVE-2017-9227, CVE-2017-9226, CVE-2017-9224)	31 Jan 201902:25	–	ibm
ALT Linux	Security fix for the ALT Linux 8 package oniguruma version 6.4.0-alt1	12 Jul 201700:00	–	altlinux
Tenable Nessus	Amazon Linux 2 : ruby (ALAS-2023-2201)	14 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : oniguruma (ALAS-2023-2217)	23 Aug 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : oniguruma (ALAS-2023-2311)	20 Oct 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php (ALAS-2024-2520)	18 Apr 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : php, --advisory ALAS2-2025-2832 (ALAS-2025-2832)	17 Apr 202500:00	–	nessus
Tenable Nessus	Amazon Linux AMI : php70 (ALAS-2017-867)	4 Aug 201700:00	–	nessus

Source	Link
tsn	www.tsn.miraclelinux.com/en/node/22100
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi
cve	www.cve.mitre.org/cgi-bin/cvename.cgi

#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The package checks in this plugin were extracted from
# Miracle Linux Security Advisory AXSA:2025-10916:10.
##

include('deprecated_nasl_level.inc');
include('compat.inc');

if (description)
{
  script_id(282847);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/13");

  script_cve_id("CVE-2017-9224", "CVE-2017-9226", "CVE-2017-9227");

  script_name(english:"MiracleLinux 7 : php-5.4.16-48.0.11.el7.AXS7 (AXSA:2025-10916:10)");

  script_set_attribute(attribute:"synopsis", value:
"The remote MiracleLinux host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the
AXSA:2025-10916:10 advisory.

    * CVE-2017-9224: fix out-of-bounds read of a stack in match_at function
    * CVE-2017-9226: fix out-of-bounds write or read of a heap in   next_state_val
    function
    * CVE-2017-9227: fix out-of-bounds read of a stack in mbc_enc_len function
    CVE(s):
    CVE-2017-9224
    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
    PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A
    logical error involving order of validation and access in match_at() could result in an out-of-bounds read
    from a stack buffer.
    CVE-2017-9226
    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
    PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression
    compilation. Octal numbers larger than 0xff are not handled correctly in fetch_token() and
    fetch_token_in_cc(). A malformed regular expression containing an octal number in the form of '\700' would
    produce an invalid code point value larger than 0xff in next_state_val(), resulting in an out-of-bounds
    write memory corruption.
    CVE-2017-9227
    An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in
    PHP through 7.1.5. A stack out-of-bounds read occurs in mbc_enc_len() during regular expression searching.
    Invalid handling of reg->dmin in forward_search_range() could result in an invalid pointer dereference, as
    an out-of-bounds read from a stack buffer.

Tenable has extracted the preceding description block directly from the MiracleLinux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://tsn.miraclelinux.com/en/node/22100");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2017-9227");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_set_attribute(attribute:"vendor_severity", value:"High");

  script_set_attribute(attribute:"vuln_publication_date", value:"2017/05/22");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/10/03");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/13");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-recode");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xml");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:miracle:linux:php-xmlrpc");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:miracle:linux:7");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Miracle Linux Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/MiracleLinux/release", "Host/MiracleLinux/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'MIRACLE LINUX' >!< os_product) audit(AUDIT_OS_NOT, 'MIRACLE LINUX');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'MIRACLE LINUX');
if (! preg(pattern:"^7([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'MiracleLinux 7.x', 'MIRACLE LINUX ' + os_version);

if (!get_kb_item('Host/MiracleLinux/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('aarch64' >!< cpu && 'ppc' >!< cpu && 's390' >!< cpu && 'x86_64' >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'MIRACLE LINUX', cpu);

var constraints = [
  {
    'release': '7',
    'pkgs': [
      {'reference':'php-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-bcmath-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-cli-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-common-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-gd-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-ldap-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mbstring-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-mysql-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-odbc-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pdo-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-pgsql-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-process-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-recode-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-soap-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xml-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'},
      {'reference':'php-xmlrpc-5.4.16-48.0.11.el7.AXS7', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'0'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}
if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'php / php-bcmath / php-cli / php-common / php-gd / php-ldap / etc');
}

13 Jan 2026 00:00Current

7.2High risk

Vulners AI Score7.2

CVSS 27.5

CVSS 3.19.8

EPSS0.01242