View at Official suse advisory, NVD, CVE.org · CVE detail
Freshness: upstream tracker timestamp is available; use API updated time as primary recency signal.
CVE-2017-9224 severity low: SUSE including 208 source package names (apache2-mod_php5-5.2.14-0.7.30.110.1, apache2-mod_php5-5.5.14-108.1, …), 303 product×package rows across 13 product lines (SUSE Linux Enterprise Module for Web and Scripting 12, SUSE Linux Enterprise Server 11 SP1 for Teradata, … (13 product lines)): Fixed 300, Known Not Affected 3.
An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A stack out-of-bounds read occurs in match_at() during regular expression searching. A logical error involving order of validation and access in match_at() could result in an out-of-bounds read from a stack buffer.