Vulnerabilities > CVE-2023-49582 - Unspecified vulnerability in Apache Portable Runtime

CVSS 5.5 - MEDIUM

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

LOW

Confidentiality impact

HIGH

Integrity impact

NONE

Availability impact

NONE

local

low complexity

apache

NVD

Published: 2024-08-26

Updated: 2024-11-21

Summary

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

Vulnerable Configurations

Part	Description	Count
Application	Apache Apache Portable Runtime 0.9.0 Apache Portable Runtime 0.9.1 Apache Portable Runtime 0.9.2 Apache Portable Runtime 0.9.3 Apache Portable Runtime 0.9.4 Apache Portable Runtime 0.9.5 Apache Portable Runtime 0.9.6 Apache Portable Runtime 0.9.7 Apache Portable Runtime 0.9.8 Apache Portable Runtime 0.9.9 Apache Portable Runtime 0.9.10 Apache Portable Runtime 0.9.11 Apache Portable Runtime 0.9.12 Apache Portable Runtime 0.9.13 Apache Portable Runtime 0.9.14 Apache Portable Runtime 0.9.15 Apache Portable Runtime 0.9.16 Apache Portable Runtime 0.9.17 Apache Portable Runtime 0.9.18 Apache Portable Runtime 0.9.19 Apache Portable Runtime 0.9.20 Apache Portable Runtime 1.0.0 Apache Portable Runtime 1.0.1 Apache Portable Runtime 1.1.0 Apache Portable Runtime 1.1.1 Apache Portable Runtime 1.2.0 Apache Portable Runtime 1.2.1 Apache Portable Runtime 1.2.2 Apache Portable Runtime 1.2.3 Apache Portable Runtime 1.2.4 Apache Portable Runtime 1.2.5 Apache Portable Runtime 1.2.6 Apache Portable Runtime 1.2.7 Apache Portable Runtime 1.2.8 Apache Portable Runtime 1.2.9 Apache Portable Runtime 1.2.10 Apache Portable Runtime 1.2.11 Apache Portable Runtime 1.2.12 Apache Portable Runtime 1.3.0 Apache Portable Runtime 1.3.1 Apache Portable Runtime 1.3.2 Apache Portable Runtime 1.3.3 Apache Portable Runtime 1.3.4 Apache Portable Runtime 1.3.5 Apache Portable Runtime 1.3.6 Apache Portable Runtime 1.3.7 Apache Portable Runtime 1.3.8 Apache Portable Runtime 1.3.9 Apache Portable Runtime 1.3.10 Apache Portable Runtime 1.3.11 Apache Portable Runtime 1.3.12 Apache Portable Runtime 1.4.0 Apache Portable Runtime 1.4.1 Apache Portable Runtime 1.4.2 Apache Portable Runtime 1.4.3 Apache Portable Runtime 1.4.4 Apache Portable Runtime 1.4.5 Apache Portable Runtime 1.4.6 Apache Portable Runtime 1.4.7 Apache Portable Runtime 1.4.8 Apache Portable Runtime 1.5.0 Apache Portable Runtime 1.5.1 Apache Portable Runtime 1.5.2 Apache Portable Runtime 1.6.0 Apache Portable Runtime 1.6.1 Apache Portable Runtime 1.6.2 Apache Portable Runtime 1.6.3 Apache Portable Runtime 1.6.4 Apache Portable Runtime 1.6.5 Apache Portable Runtime 1.7.0 Apache Portable Runtime 1.7.1 Apache Portable Runtime 1.7.2 Apache Portable Runtime 1.7.3 Apache Portable Runtime 1.7.4	79

Summary

Vulnerable Configurations

References