Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.
This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h).
Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
History
Fri, 22 Nov 2024 12:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Fri, 01 Nov 2024 17:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | ssvc |
Thu, 29 Aug 2024 17:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | | |
Metrics | threat_severity | threat_severity |
Tue, 27 Aug 2024 16:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared | Apache, Apache portable Runtime | |
CPEs | cpe:2.3:a:apache:portable_runtime:*:*:*:*:*:*:*:* | |
Vendors & Products | Apache, Apache portable Runtime | |
Metrics | cvssV3_1 |
Mon, 26 Aug 2024 18:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
References | |
Mon, 26 Aug 2024 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are recommended to upgrade to APR version 1.7.5, which fixes this issue. | |
Title | Apache Portable Runtime (APR): Unexpected lax shared memory permissions | |
Weaknesses | CWE-732 | |
References | |
MITRE
Status: PUBLISHED
Assigner: apache
Published: 2024-08-26T14:03:44.588Z
Updated: 2024-11-01T17:03:02.892Z
Reserved: 2023-11-27T18:07:52.860Z
Link: CVE-2023-49582
Vulnrichment
Updated: 2024-11-01T17:03:02.892Z
NVD
Status: Modified
Published: 2024-08-26T14:15:07.050
Modified: 2024-11-21T08:33:36.103
Link: CVE-2023-49582
Redhat