PT-2024-13755 · Apache · Apache Portable Runtime

Thomas Stangner · Published 2024-08-12 · Updated 2025-08-27 · CVE-2023-49582

CVSS v3.1: 5.5 (Medium)

Vector: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions

Apache Portable Runtime versions 0.9.0 through 1.7.4

Description

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h).

Recommendations

Upgrade to APR version 1.7.5, which fixes this issue. As a temporary workaround, consider restricting access to the shared memory segments to minimize the risk of exploitation.

Fix

Weakness Enumeration

Incorrect Permission

Related Identifiers

ALT-PU-2024-14982
ALT-PU-2024-15150
AZL-48216
AZL-48273
BDU:2025-07709
BIT-APR-2023-49582
CVE-2023-49582
MGASA-2024-0292
OESA-2024-2229
OPENSUSE-SU-2024:14347-1
OPENSUSE-SU-2024_3428-1
SUSE-SU-2024:3428-1
SUSE-SU-2024:3429-1
SUSE-SU-2024_3428-1
SUSE-SU-2024_3429-1
USN-7038-1
USN-7038-2

Affected Products

ALT Linux
Apache Portable Runtime
Astra Linux
Debian
Linux Mint
RED OS
SUSE
Ubuntu