CVE-2019-9637

Description

An issue was discovered in PHP before 7.1.27, 7.2.x before 7.2.16, and 7.3.x before 7.3.3. Because of the way rename() across filesystems is implemented, the file being renamed may briefly be available with the wrong permissions while the rename is in progress, allowing unauthorized users to access the data.

Risk Information

Base Score: 7.5 (MODERATE)
Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS Score (Exploitation Probability): 12.424

Associated Vulnerability

Vulnerability | OS Platform
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update apcu-panel-5.1.12-2.module+el8.1.0+3202+af5476b9.noarch.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-debugsource-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-devel-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update libzip-tools-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-bcmath-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-cli-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-common-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-dba-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-dbg-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-debugsource-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-devel-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-embedded-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-enchant-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-fpm-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-gd-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-gmp-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-intl-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-json-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-ldap-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-mbstring-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-mysqlnd-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-odbc-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-opcache-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pdo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pear-1.10.5-9.module+el8.1.0+3202+af5476b9.noarch.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-apcu-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-apcu-debugsource-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-zip-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pecl-zip-debugsource-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-pgsql-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-process-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-recode-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-snmp-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-soap-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-xml-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) php:7.2 security, bug fix, and enhancement update php-xmlrpc-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update libzip-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update libzip-tools-debuginfo-1.5.1-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-bcmath-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-cli-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-common-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-dba-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-dbg-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-embedded-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-enchant-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-fpm-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-gd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-gmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-intl-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-json-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-ldap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-mbstring-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-mysqlnd-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-odbc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-opcache-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pdo-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pecl-apcu-debuginfo-5.1.12-2.module+el8.1.0+3202+af5476b9.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pecl-zip-debuginfo-1.15.3-1.module+el8.1.0+3186+20164e6f.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-pgsql-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-process-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-recode-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-snmp-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-soap-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-xml-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
(RHSA-2020:1624) Moderate: security, bug fix, and enhancement update php-xmlrpc-debuginfo-7.2.24-1.module+el8.2.0+4601+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update libzip-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update libzip-devel-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update libzip-tools-1.5.1-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update apcu-panel-5.1.12-2.module_el8.3.0+2010+7c76a223.noarch.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-bcmath-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-cli-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-common-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-dba-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-dbg-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-devel-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-embedded-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-enchant-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-fpm-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-gd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-gmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-intl-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-json-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-ldap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-mbstring-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-mysqlnd-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-odbc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-opcache-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pdo-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pear-1.10.5-9.module_el8.3.0+2010+7c76a223.noarch.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pecl-apcu-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pecl-apcu-devel-5.1.12-2.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pecl-zip-1.15.3-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-pgsql-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-process-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-recode-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-snmp-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-soap-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-xml-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux
Moderate: php:7.2 security, bug fix, and enhancement update php-xmlrpc-7.2.24-1.module_el8.3.0+2010+7c76a223.x86_64.rpm | Linux

Patch Details

No records found

References

https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234