Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

RHEL 8 : php:8.2 (RHSA-2026:1412)

šŸ—“ļøĀ 27 Jan 2026Ā 00:00:00Reported byĀ TenableTypeĀ 
nessus
Ā nessusšŸ”—Ā www.tenable.comšŸ‘Ā 2Ā Views

RHEL 8 PHP 8.2 fixes CVEs in RHSA-2026:1412, including escaping error, NULL dereference, hostname null, heap overflow, image info leak, and DoS.

Related
Refs
Code
ReporterTitlePublishedViews
Family
Tenable Nessus		Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1087)
4 Aug 202500:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1088)
4 Aug 202500:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1113)
4 Aug 202500:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1114)
4 Aug 202500:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.4, php8.4-bcmath, php8.4-cli (ALAS2023-2025-1352)
8 Jan 202600:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.3, php8.3-bcmath, php8.3-cli (ALAS2023-2025-1353)
8 Jan 202600:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.2, php8.2-bcmath, php8.2-cli (ALAS2023-2025-1354)
8 Jan 202600:00
ā€“nessus
Tenable Nessus		Amazon Linux 2023 : php8.1, php8.1-bcmath, php8.1-cli (ALAS2023-2025-1355)
8 Jan 202600:00
ā€“nessus
Tenable Nessus		Amazon Linux 2 : php (ALASPHP8.1-2025-007)
4 Aug 202500:00
ā€“nessus
Tenable Nessus		Amazon Linux 2 : php, --advisory ALAS2PHP8.1-2026-008 (ALASPHP8.1-2026-008)
22 Jan 202600:00
ā€“nessus
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Red Hat Security Advisory RHSA-2026:1412. The text
# itself is copyright (C) Red Hat, Inc.
##

include('compat.inc');

if (description)
{
  script_id(296914);
  script_version("1.1");
  script_set_attribute(attribute:"plugin_modification_date", value:"2026/01/27");

  script_cve_id(
    "CVE-2025-1220",
    "CVE-2025-1735",
    "CVE-2025-6491",
    "CVE-2025-14177",
    "CVE-2025-14178",
    "CVE-2025-14180"
  );
  script_xref(name:"RHSA", value:"2026:1412");

  script_name(english:"RHEL 8 : php:8.2 (RHSA-2026:1412)");

  script_set_attribute(attribute:"synopsis", value:
"The remote Red Hat host is missing one or more security updates for php:8.2.");
  script_set_attribute(attribute:"description", value:
"The remote Redhat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as
referenced in the RHSA-2026:1412 advisory.

    PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server.

    Security Fix(es):

    * php: pgsql extension does not check for errors during escaping (CVE-2025-1735)

    * php: NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix (CVE-2025-6491)

    * php: PHP Hostname Null Character Vulnerability (CVE-2025-1220)

    * php: heap-based buffer overflow in array_merge() (CVE-2025-14178)

    * php: PHP: Information disclosure via getimagesize() function when reading multi-chunk images
    (CVE-2025-14177)

    * php: PHP: Denial of Service via invalid character sequence in PDO PostgreSQL prepared statement
    (CVE-2025-14180)

    For more details about the security issue(s), including the impact, a CVSS score, acknowledgments, and
    other related information, refer to the CVE page(s) listed in the References section.

Tenable has extracted the preceding description block directly from the Red Hat Enterprise Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/security/updates/classification/#important");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2378689");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2378690");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2379792");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2425625");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2425626");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=2425627");
  # https://security.access.redhat.com/data/csaf/v2/advisories/2026/rhsa-2026_1412.json
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?b2ea5f26");
  script_set_attribute(attribute:"see_also", value:"https://access.redhat.com/errata/RHSA-2026:1412");
  script_set_attribute(attribute:"solution", value:
"Update the RHEL php:8.2 package based on the guidance in RHSA-2026:1412.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss4_vector", value:"CVSS:4.0/AV:N/AC:H/AT:P/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N");
  script_set_attribute(attribute:"cvss4_threat_vector", value:"CVSS:4.0/E:P");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2025-14178");
  script_set_attribute(attribute:"cvss4_score_source", value:"CVE-2025-14180");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");
  script_cwe_id(125, 476, 787, 918);
  script_set_attribute(attribute:"vendor_severity", value:"Important");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/07/03");
  script_set_attribute(attribute:"patch_publication_date", value:"2026/01/27");
  script_set_attribute(attribute:"plugin_publication_date", value:"2026/01/27");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:enterprise_linux:8");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:redhat:rhel_eus:8.10");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:apcu-panel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:libzip-tools");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-bcmath");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-cli");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-common");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dba");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-dbg");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-embedded");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-enchant");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ffi");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-fpm");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-gmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-intl");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mbstring");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-mysqlnd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-odbc");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-opcache");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pdo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pear");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-apcu-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-rrd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-xdebug3");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pecl-zip");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-process");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-snmp");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-soap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:redhat:enterprise_linux:php-xml");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Red Hat Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2026 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info.nasl", "redhat_repos.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');
include('rhel.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'Red Hat' >!< os_product) audit(AUDIT_OS_NOT, 'Red Hat');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'Red Hat');
if (!rhel_check_release(operator: 'ge', os_version: os_version, rhel_version: '8')) audit(AUDIT_OS_NOT, 'Red Hat 8.x', 'Red Hat ' + os_version);

if (!get_kb_item('Host/RedHat/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu && 'ppc' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'Red Hat', cpu);

var constraints = {
  'php:8.2': [
    {
      'release': '8',
      'repo_relative_urls': [
        'content/dist/rhel8/8.10/aarch64/appstream/debug',
        'content/dist/rhel8/8.10/aarch64/appstream/os',
        'content/dist/rhel8/8.10/aarch64/appstream/source/SRPMS',
        'content/dist/rhel8/8.10/ppc64le/appstream/debug',
        'content/dist/rhel8/8.10/ppc64le/appstream/os',
        'content/dist/rhel8/8.10/ppc64le/appstream/source/SRPMS',
        'content/dist/rhel8/8.10/s390x/appstream/debug',
        'content/dist/rhel8/8.10/s390x/appstream/os',
        'content/dist/rhel8/8.10/s390x/appstream/source/SRPMS',
        'content/dist/rhel8/8.10/x86_64/appstream/debug',
        'content/dist/rhel8/8.10/x86_64/appstream/os',
        'content/dist/rhel8/8.10/x86_64/appstream/source/SRPMS',
        'content/dist/rhel8/8.6/aarch64/appstream/debug',
        'content/dist/rhel8/8.6/aarch64/appstream/os',
        'content/dist/rhel8/8.6/aarch64/appstream/source/SRPMS',
        'content/dist/rhel8/8.6/ppc64le/appstream/debug',
        'content/dist/rhel8/8.6/ppc64le/appstream/os',
        'content/dist/rhel8/8.6/ppc64le/appstream/source/SRPMS',
        'content/dist/rhel8/8.6/s390x/appstream/debug',
        'content/dist/rhel8/8.6/s390x/appstream/os',
        'content/dist/rhel8/8.6/s390x/appstream/source/SRPMS',
        'content/dist/rhel8/8.6/x86_64/appstream/debug',
        'content/dist/rhel8/8.6/x86_64/appstream/os',
        'content/dist/rhel8/8.6/x86_64/appstream/source/SRPMS',
        'content/dist/rhel8/8.8/aarch64/appstream/debug',
        'content/dist/rhel8/8.8/aarch64/appstream/os',
        'content/dist/rhel8/8.8/aarch64/appstream/source/SRPMS',
        'content/dist/rhel8/8.8/ppc64le/appstream/debug',
        'content/dist/rhel8/8.8/ppc64le/appstream/os',
        'content/dist/rhel8/8.8/ppc64le/appstream/source/SRPMS',
        'content/dist/rhel8/8.8/s390x/appstream/debug',
        'content/dist/rhel8/8.8/s390x/appstream/os',
        'content/dist/rhel8/8.8/s390x/appstream/source/SRPMS',
        'content/dist/rhel8/8.8/x86_64/appstream/debug',
        'content/dist/rhel8/8.8/x86_64/appstream/os',
        'content/dist/rhel8/8.8/x86_64/appstream/source/SRPMS',
        'content/dist/rhel8/8.9/aarch64/appstream/debug',
        'content/dist/rhel8/8.9/aarch64/appstream/os',
        'content/dist/rhel8/8.9/aarch64/appstream/source/SRPMS',
        'content/dist/rhel8/8.9/ppc64le/appstream/debug',
        'content/dist/rhel8/8.9/ppc64le/appstream/os',
        'content/dist/rhel8/8.9/ppc64le/appstream/source/SRPMS',
        'content/dist/rhel8/8.9/s390x/appstream/debug',
        'content/dist/rhel8/8.9/s390x/appstream/os',
        'content/dist/rhel8/8.9/s390x/appstream/source/SRPMS',
        'content/dist/rhel8/8.9/x86_64/appstream/debug',
        'content/dist/rhel8/8.9/x86_64/appstream/os',
        'content/dist/rhel8/8.9/x86_64/appstream/source/SRPMS',
        'content/dist/rhel8/8/aarch64/appstream/debug',
        'content/dist/rhel8/8/aarch64/appstream/os',
        'content/dist/rhel8/8/aarch64/appstream/source/SRPMS',
        'content/dist/rhel8/8/ppc64le/appstream/debug',
        'content/dist/rhel8/8/ppc64le/appstream/os',
        'content/dist/rhel8/8/ppc64le/appstream/source/SRPMS',
        'content/dist/rhel8/8/s390x/appstream/debug',
        'content/dist/rhel8/8/s390x/appstream/os',
        'content/dist/rhel8/8/s390x/appstream/source/SRPMS',
        'content/dist/rhel8/8/x86_64/appstream/debug',
        'content/dist/rhel8/8/x86_64/appstream/os',
        'content/dist/rhel8/8/x86_64/appstream/source/SRPMS',
        'content/public/ubi/dist/ubi8/8/aarch64/appstream/debug',
        'content/public/ubi/dist/ubi8/8/aarch64/appstream/os',
        'content/public/ubi/dist/ubi8/8/aarch64/appstream/source/SRPMS',
        'content/public/ubi/dist/ubi8/8/ppc64le/appstream/debug',
        'content/public/ubi/dist/ubi8/8/ppc64le/appstream/os',
        'content/public/ubi/dist/ubi8/8/ppc64le/appstream/source/SRPMS',
        'content/public/ubi/dist/ubi8/8/s390x/appstream/debug',
        'content/public/ubi/dist/ubi8/8/s390x/appstream/os',
        'content/public/ubi/dist/ubi8/8/s390x/appstream/source/SRPMS',
        'content/public/ubi/dist/ubi8/8/x86_64/appstream/debug',
        'content/public/ubi/dist/ubi8/8/x86_64/appstream/os',
        'content/public/ubi/dist/ubi8/8/x86_64/appstream/source/SRPMS'
      ],
      'pkgs': [
        {'reference':'apcu-panel-5.1.23-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libzip-1.7.3-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libzip-devel-1.7.3-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'libzip-tools-1.7.3-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-bcmath-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-cli-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-common-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-dba-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-dbg-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-devel-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-embedded-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-enchant-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-ffi-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-fpm-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-gd-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-gmp-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-intl-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-ldap-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-mbstring-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-mysqlnd-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-odbc-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-opcache-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pdo-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pear-1.10.14-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
        {'reference':'php-pecl-apcu-5.1.23-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pecl-apcu-devel-5.1.23-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pecl-rrd-2.0.3-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pecl-xdebug3-3.2.2-2.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pecl-zip-1.22.3-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-pgsql-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-process-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-snmp-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-soap-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE},
        {'reference':'php-xml-8.2.30-1.module+el8.10.0', 'release':'8', 'rpm_spec_vers_cmp':TRUE}
      ]
    }
  ]
};

var applicable_repo_urls = rhel_determine_applicable_repository_urls(constraints:constraints, appstreams:TRUE);
if(applicable_repo_urls == RHEL_REPOS_NO_OVERLAP_MESSAGE) exit(0, RHEL_REPO_NOT_ENABLED);

var module_ver = get_kb_item('Host/RedHat/appstream/php');
if (isnull(module_ver)) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:8.2');
if ('8.2' >!< module_ver) audit(AUDIT_PACKAGE_NOT_AFFECTED, 'Module php:' + module_ver);

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
var repo_relative_urls;
var appstreams_found = 0;
var appstream;
var appstream_name;
var appstream_version;
foreach var module (keys(constraints)) {
  appstream = NULL;
  appstream_name = NULL;
  appstream_version = NULL;
  appstream_split = split(module, sep:':', keep:FALSE);
  if (!empty_or_null(appstream_split)) {
    appstream_name = appstream_split[0];
    appstream_version = appstream_split[1];
    if (!empty_or_null(appstream_name)) appstream = get_one_kb_item('Host/RedHat/appstream/' + appstream_name);
  }
  if (!empty_or_null(appstream) && appstream_version == appstream || appstream_name == 'all') {
    appstreams_found++;
    foreach var module_array ( constraints[module] ) {
      # Check that the target release is equal to the affected release
      if (!empty_or_null(module_array['release'])){
        if (module_array['release'] != os_release) continue;
      }
      if (!empty_or_null(module_array['sp'])){
        if (module_array['sp'] != os_sp) continue;
      }
      repo_relative_urls = NULL;
      if (!empty_or_null(module_array['repo_relative_urls'])) repo_relative_urls = module_array['repo_relative_urls'];
      foreach var package_array ( module_array['pkgs'] ) {
        reference = NULL;
        sp = NULL;
        _cpu = NULL;
        el_string = NULL;
        rpm_spec_vers_cmp = NULL;
        epoch = NULL;
        allowmaj = NULL;
        exists_check = NULL;
        cves = NULL;
        if (!empty_or_null(package_array['reference'])) reference = package_array['reference'];
        if (!empty_or_null(package_array['sp'])) sp = package_array['sp'];
        if (!empty_or_null(package_array['cpu'])) _cpu = package_array['cpu'];
        if (!empty_or_null(package_array['el_string'])) el_string = package_array['el_string'];
        if (!empty_or_null(package_array['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = package_array['rpm_spec_vers_cmp'];
        if (!empty_or_null(package_array['epoch'])) epoch = package_array['epoch'];
        if (!empty_or_null(package_array['allowmaj'])) allowmaj = package_array['allowmaj'];
        if (!empty_or_null(package_array['exists_check'])) exists_check = package_array['exists_check'];
        if (!empty_or_null(package_array['cves'])) cves = package_array['cves'];
        if (reference &&
            rhel_decide_repo_relative_url_check(required_repo_url_list:repo_relative_urls) &&
            (applicable_repo_urls || (!exists_check || rpm_exists(rpm:exists_check))) &&
            rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
      }
    }
  }
}

if (!appstreams_found) audit(AUDIT_PACKAGE_NOT_INSTALLED, 'Module php:8.2');

if (flag)
{
  var extra = NULL;
  if (isnull(applicable_repo_urls) || !applicable_repo_urls) extra = rpm_report_get() + redhat_report_repo_caveat();
  else extra = rpm_report_get();
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : extra
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'apcu-panel / libzip / libzip-devel / libzip-tools / php / etc');
}

Data

Build on a solid foundation withĀ Vulners data

WeĀ provide theĀ essential building blocks forĀ cybersecurity solutions withĀ comprehensive, structured, andĀ constantly updated vulnerability andĀ exploits data

Api

Power your application withĀ Vulners API

The Vulners REST API offers reliable, high-performance access toĀ vulnerabilityĀ intelligence, withĀ 99.9%Ā SLAĀ uptime andĀ CDN-backed data delivery forĀ seamlessĀ global access

App

Assess and manage vulnerabilities withĀ VulnersĀ tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
27 Jan 2026 00:00Current
6.2Medium risk
Vulners AI Score6.2
CVSS 3.16.5 - 8.2
CVSS 48.2
EPSS0.00772
SSVC
RHEL 8PHP 8.2RHSA 2026 1412escaping errornull dereferencehostname nullheap overflowimage info leakPDO DoS
2