Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

debian логотип

CVE-2023-49582

Опубликовано: 26 авг. 2024
Источник: debian
EPSS Низкий

Описание

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

Пакеты

ПакетСтатусВерсия исправленияРелизТип
aprfixed1.7.5-1package
aprfixed1.7.2-3+deb12u1bookwormpackage
aprignoredbullseyepackage

Примечания

  • https://www.openwall.com/lists/oss-security/2024/08/26/1

  • https://lists.apache.org/thread/h5f1c2dqm8bf5yfosw3rg85927p612l0

  • Exposed by: https://github.com/apache/apr/commit/dcdd7daaef7ee6c077a4769a5bec1fbc11e5611f (trunk)

  • Exposed by: https://github.com/apache/apr/commit/ebd6c401ccceea461a929122526caacf9c9e7b1d (1.7.1-rc1)

  • Fixed by: https://github.com/apache/apr/commit/501072062dfcbc459f5d1e576113d17c7de84d5a (trunk)

  • Fixed by: https://github.com/apache/apr/commit/36ea6d5a2bfc480dd8032cc8651e6793552bc2aa (1.7.5)

EPSS

Процентиль: 6%
0.00025
Низкий

Связанные уязвимости

ubuntu логотип

CVE-2023-49582

CVSS3: 5.5
ubuntu
больше 1 года назад

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

redhat логотип

CVE-2023-49582

CVSS3: 5.5
redhat
больше 1 года назад

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

nvd логотип

CVE-2023-49582

CVSS3: 5.5
nvd
больше 1 года назад

Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h) Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.

msrc логотип

CVE-2023-49582

CVSS3: 5.5
msrc
больше 1 года назад

Описание отсутствует

suse-cvrf логотип

SUSE-SU-2024:3429-1

suse-cvrf
больше 1 года назад

Security update for apr

EPSS

Процентиль: 6%
0.00025
Низкий