CVE-2023-49582 — MEDIUM (5.5)

Q: How severe is CVE-2023-49582?

CVE-2023-49582 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-49582?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Portable Runtime.

Vulnerability Description

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

CVSS Score

5.5

MEDIUM

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Apache	Portable Runtime	>= 0.9.0, < 1.7.5

Related Weaknesses (CWE)

CWE-732

References

FAQ

What is CVE-2023-49582?

CVE-2023-49582 is a vulnerability with a CVSS score of 5.5 (MEDIUM). Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. Th...

How severe is CVE-2023-49582?

CVE-2023-49582 has been rated MEDIUM with a CVSS base score of 5.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-49582?

Check the references section above for vendor advisories and patch information. Affected products include: Apache Portable Runtime.