CVE-2023-49582 Vulnerability Details

  /     /     /  

CVE-2023-49582 Metadata Quick Info

CVE Published: 26/08/2024 | CVE Updated: 01/11/2024 | CVE Year: 2023
Source: apache | Vendor: Apache Software Foundation | Product: Apache Portable Runtime (APR)
Status : PUBLISHED

---

CVE-2023-49582 Description

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

Metrics

CVSS Version: 3.1 | Base Score: n/a
Vector: n/a

l➤ Exploitability Metrics:
    Attack Vector (AV)*
    Attack Complexity (AC)*
    Privileges Required (PR)*
    User Interaction (UI)*
    Scope (S)*

l➤ Impact Metrics:
    Confidentiality Impact (C)*
    Integrity Impact (I)*
    Availability Impact (A)*

Weakness Enumeration (CWE)

CWE-ID: CWE-732
CWE Name: CWE-732 Incorrect Permission Assignment for Critical Resource
Source: Apache Software Foundation

Common Attack Pattern Enumeration and Classification (CAPEC)

CAPEC-ID:
CAPEC Description:


Source: NVD (National Vulnerability Database).