CVE-2023-49582

MEDIUM

Apache Portable Runtime < 1.7.5 - Incorrect Permission Assignment

Title source: rule

Description

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

References (3)

Scores

CVSS v3 5.5
EPSS 0.0003
EPSS Percentile 6.3%
Attack Vector LOCAL
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Classification

CWE
CWE-732
Status published

Affected Products (1)

apache/portable_runtime < 1.7.5

Timeline

Published Aug 26, 2024
Tracked Since Feb 18, 2026