
CVE-2023-49582

CVSS Score: 5.5 (Medium)
Published: Aug 26, 2024
Last Modified: Mar 13, 2025

Vulnerability Description

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data.

This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h).

Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

CVSS Metrics

Common Vulnerability Scoring System

Vector String: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector: L
Attack Complexity: L
Privileges Required: L
User Interaction: N
Scope: U
Confidentiality: H
Integrity: N
Availability: N

Known Affected Software

81 configuration(s) from 1 vendor(s)

portable_runtime, Version: 1.3.8, CPE: cpe:2.3:a:apache:portable_runtime:1.3.8:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.1, CPE: cpe:2.3:a:apache:portable_runtime:1.4.1:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.7, CPE: cpe:2.3:a:apache:portable_runtime:1.4.7:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.4, CPE: cpe:2.3:a:apache:portable_runtime:1.4.4:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.16, CPE: cpe:2.3:a:apache:portable_runtime:0.9.16:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.7, CPE: cpe:2.3:a:apache:portable_runtime:1.3.7:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.10, CPE: cpe:2.3:a:apache:portable_runtime:1.2.10:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.7, CPE: cpe:2.3:a:apache:portable_runtime:1.2.7:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.6, CPE: cpe:2.3:a:apache:portable_runtime:0.9.6:*:*:*:*:*:*:*
portable_runtime, Version: 1.5.0, CPE: cpe:2.3:a:apache:portable_runtime:1.5.0:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.5, CPE: cpe:2.3:a:apache:portable_runtime:1.3.5:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.12, CPE: cpe:2.3:a:apache:portable_runtime:0.9.12:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.2, CPE: cpe:2.3:a:apache:portable_runtime:0.9.2:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.6, CPE: cpe:2.3:a:apache:portable_runtime:1.3.6:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.8, CPE: cpe:2.3:a:apache:portable_runtime:1.2.8:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.1, CPE: cpe:2.3:a:apache:portable_runtime:1.2.1:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.17, CPE: cpe:2.3:a:apache:portable_runtime:0.9.17:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.13, CPE: cpe:2.3:a:apache:portable_runtime:1.3.13:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.2, CPE: cpe:2.3:a:apache:portable_runtime:1.4.2:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.0, CPE: cpe:2.3:a:apache:portable_runtime:1.4.0:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.4, CPE: cpe:2.3:a:apache:portable_runtime:0.9.4:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.11, CPE: cpe:2.3:a:apache:portable_runtime:1.3.11:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.12, CPE: cpe:2.3:a:apache:portable_runtime:1.2.12:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.20, CPE: cpe:2.3:a:apache:portable_runtime:0.9.20:*:*:*:*:*:*:*
portable_runtime, Version: 1.6.0, CPE: cpe:2.3:a:apache:portable_runtime:1.6.0:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.8, CPE: cpe:2.3:a:apache:portable_runtime:0.9.8:*:*:*:*:*:*:*
portable_runtime, Version: 1.6.4, CPE: cpe:2.3:a:apache:portable_runtime:1.6.4:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.14, CPE: cpe:2.3:a:apache:portable_runtime:0.9.14:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.16-dev, CPE: cpe:2.3:a:apache:portable_runtime:0.9.16-dev:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.5, CPE: cpe:2.3:a:apache:portable_runtime:0.9.5:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.7-dev, CPE: cpe:2.3:a:apache:portable_runtime:0.9.7-dev:*:*:*:*:*:*:*
portable_runtime, Version: 1.0.0, CPE: cpe:2.3:a:apache:portable_runtime:1.0.0:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.6, CPE: cpe:2.3:a:apache:portable_runtime:1.2.6:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.0, CPE: cpe:2.3:a:apache:portable_runtime:1.3.0:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.1, CPE: cpe:2.3:a:apache:portable_runtime:1.3.1:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.3-dev, CPE: cpe:2.3:a:apache:portable_runtime:0.9.3-dev:*:*:*:*:*:*:*
portable_runtime, Version: 1.6.3, CPE: cpe:2.3:a:apache:portable_runtime:1.6.3:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.5, CPE: cpe:2.3:a:apache:portable_runtime:1.4.5:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.7, CPE: cpe:2.3:a:apache:portable_runtime:0.9.7:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.5, CPE: cpe:2.3:a:apache:portable_runtime:1.2.5:*:*:*:*:*:*:*
portable_runtime, Version: 1.7.2, CPE: cpe:2.3:a:apache:portable_runtime:1.7.2:-:*:*:*:*:*:*
portable_runtime, Version: 0.9.9, CPE: cpe:2.3:a:apache:portable_runtime:0.9.9:*:*:*:*:*:*:*
portable_runtime, Version: 1.7.3, CPE: cpe:2.3:a:apache:portable_runtime:1.7.3:-:*:*:*:*:*:*
portable_runtime, Version: 0.9.1, CPE: cpe:2.3:a:apache:portable_runtime:0.9.1:*:*:*:*:*:*:*
portable_runtime, Version: 1.0.1, CPE: cpe:2.3:a:apache:portable_runtime:1.0.1:*:*:*:*:*:*:*
portable_runtime, Version: 1.7.1, CPE: cpe:2.3:a:apache:portable_runtime:1.7.1:-:*:*:*:*:*:*
portable_runtime, Version: 1.6.1, CPE: cpe:2.3:a:apache:portable_runtime:1.6.1:*:*:*:*:*:*:*
portable_runtime, Version: 1.6.5, CPE: cpe:2.3:a:apache:portable_runtime:1.6.5:*:*:*:*:*:*:*
portable_runtime, Version: 1.6.2, CPE: cpe:2.3:a:apache:portable_runtime:1.6.2:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.15, CPE: cpe:2.3:a:apache:portable_runtime:0.9.15:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.4-dev, CPE: cpe:2.3:a:apache:portable_runtime:1.3.4-dev:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.2, CPE: cpe:2.3:a:apache:portable_runtime:1.2.2:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.10, CPE: cpe:2.3:a:apache:portable_runtime:0.9.10:*:*:*:*:*:*:*
portable_runtime, Version: 1.5.2, CPE: cpe:2.3:a:apache:portable_runtime:1.5.2:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.4, CPE: cpe:2.3:a:apache:portable_runtime:1.3.4:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.0, CPE: cpe:2.3:a:apache:portable_runtime:0.9.0:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.6, CPE: cpe:2.3:a:apache:portable_runtime:1.4.6:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.8, CPE: cpe:2.3:a:apache:portable_runtime:1.4.8:*:*:*:*:*:*:*
portable_runtime, Version: 1.5.1, CPE: cpe:2.3:a:apache:portable_runtime:1.5.1:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.3, CPE: cpe:2.3:a:apache:portable_runtime:0.9.3:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.10, CPE: cpe:2.3:a:apache:portable_runtime:1.3.10:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.11, CPE: cpe:2.3:a:apache:portable_runtime:1.2.11:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.9, CPE: cpe:2.3:a:apache:portable_runtime:1.2.9:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.13, CPE: cpe:2.3:a:apache:portable_runtime:0.9.13:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.6-dev, CPE: cpe:2.3:a:apache:portable_runtime:1.3.6-dev:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.3, CPE: cpe:2.3:a:apache:portable_runtime:1.3.3:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.9, CPE: cpe:2.3:a:apache:portable_runtime:1.3.9:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.11, CPE: cpe:2.3:a:apache:portable_runtime:0.9.11:*:*:*:*:*:*:*
portable_runtime, Version: 1.3.2, CPE: cpe:2.3:a:apache:portable_runtime:1.3.2:*:*:*:*:*:*:*
portable_runtime, Version: 1.4.3, CPE: cpe:2.3:a:apache:portable_runtime:1.4.3:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.0, CPE: cpe:2.3:a:apache:portable_runtime:1.2.0:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.3, CPE: cpe:2.3:a:apache:portable_runtime:1.2.3:*:*:*:*:*:*:*
portable_runtime, Version: 1.1.1, CPE: cpe:2.3:a:apache:portable_runtime:1.1.1:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.19, CPE: cpe:2.3:a:apache:portable_runtime:0.9.19:*:*:*:*:*:*:*
portable_runtime, Version: 1.7.0, CPE: cpe:2.3:a:apache:portable_runtime:1.7.0:*:*:*:*:*:*:*
portable_runtime, Version: 1.2.4, CPE: cpe:2.3:a:apache:portable_runtime:1.2.4:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.18, CPE: cpe:2.3:a:apache:portable_runtime:0.9.18:*:*:*:*:*:*:*
portable_runtime, Version: 1.7.4, CPE: cpe:2.3:a:apache:portable_runtime:1.7.4:-:*:*:*:*:*:*
portable_runtime, Version: 1.3.12, CPE: cpe:2.3:a:apache:portable_runtime:1.3.12:*:*:*:*:*:*:*
portable_runtime, Version: 0.9.2-dev, CPE: cpe:2.3:a:apache:portable_runtime:0.9.2-dev:*:*:*:*:*:*:*
portable_runtime, Version: 1.1.0, CPE: cpe:2.3:a:apache:portable_runtime:1.1.0:*:*:*:*:*:*:*

This vulnerability affects 81 software configuration(s). Ensure you patch all affected systems.

Available Security Patches

4 patches available from vendors

Microsoft, 2024-Nov-CVE-2023-49582
CVE-2023-49582: None
Severity: Unknown
Released: Sep 04, 2025
Security Update

Oracle, CPUJUL2025
Oracle Critical Patch Update Advisory - July 2025
Severity: Critical
Released: Jul 15, 2025
Restart Required
Security Update

Oracle, CPUAPR2025
Oracle Critical Patch Update Advisory - April 2025
Severity: Critical
Released: Apr 15, 2025
Restart Required
Security Update

Oracle, CPUJAN2025
Oracle Critical Patch Update Advisory - January 2025
Severity: Critical
Released: Jan 21, 2025
Restart Required
Security Update

Severity Details

5.5 out of 10.0 (Medium)

Weakness Type (CWE)

CWE-732: Incorrect Permission Assignment for Critical Resource

Description: The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors.
Exploit Likelihood: High
Typical Severity: High
Abstraction Level: Class

Key Information

Published Date: August 26, 2024