CVE-2023-49582
Severity
5.5 MEDIUM
EPSS
0.0%
top 93.27%
CISA KEV
Not in KEV
Exploit
No known exploits
Timeline
Published: Aug 26
Latest update: Jul 15
Description
Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.
This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h).
Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
CVSS vector
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6
Affected Packages: 4 packages
🔴 Vulnerability Details (4)
GHSA
GHSA-j26h-qjc9-68hh: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, pote… (2024-08-26)
OSV
CVE-2023-49582: Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, pote… (2024-08-26)
📋 Vendor Advisories (8)
Oracle
Oracle Oracle Hyperion Risk Matrix: Installation and Configuration (Apache Portable Runtime) — CVE-2023-49582 (2025-07-15)
Oracle
Oracle Oracle Communications Applications Risk Matrix: Core (Apache Portable Runtime) — CVE-2023-49582 (2025-04-15)
Oracle
Oracle Oracle Fusion Middleware Risk Matrix: Core (Apache Portable Runtime) — CVE-2023-49582 (2025-01-15)