Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
History

Fri, 22 Nov 2024 12:00:00 +0000


Fri, 01 Nov 2024 17:15:00 +0000

Type Values Removed Values Added
References
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Thu, 29 Aug 2024 17:00:00 +0000

Type Values Removed Values Added
References
Metrics threat_severity

None

threat_severity

Moderate


Tue, 27 Aug 2024 16:30:00 +0000

Type Values Removed Values Added
First Time appeared Apache
Apache portable Runtime
CPEs cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:*
Vendors & Products Apache
Apache portable Runtime
Metrics cvssV3_1

{'score': 5.5, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N'}


Mon, 26 Aug 2024 18:30:00 +0000

Type Values Removed Values Added
References

Mon, 26 Aug 2024 14:15:00 +0000

Type Values Removed Values Added
Description Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
Title Apache Portable Runtime (APR): Unexpected lax shared memory permissions
Weaknesses CWE-732
References

cve-icon MITRE

Status: PUBLISHED

Assigner: apache

Published: 2024-08-26T14:03:44.588Z

Updated: 2024-11-01T17:03:02.892Z

Reserved: 2023-11-27T18:07:52.860Z

Link: CVE-2023-49582

cve-icon Vulnrichment

Updated: 2024-11-01T17:03:02.892Z

cve-icon NVD

Status : Modified

Published: 2024-08-26T14:15:07.050

Modified: 2024-11-21T08:33:36.103

Link: CVE-2023-49582

cve-icon Redhat

Severity : Moderate

Publid Date: 2024-08-26T14:15:07Z

Links: CVE-2023-49582 - Bugzilla