Vulnerability details: VCID-2f3q-uqmr-kkg3
Vulnerability ID VCID-2f3q-uqmr-kkg3
Aliases CVE-2023-49582
Summary Lax permissions set by the Apache Portable Runtime library on Unix platforms would allow local users read access to named shared memory segments, potentially revealing sensitive application data. This issue does not affect non-Unix platforms, or builds with APR_USE_SHMEM_SHMGET=1 (apr.h). Users are recommended to upgrade to APR version 1.7.5, which fixes this issue.
Status Published
Exploitability 0.5
Weighted Severity 5.0
Risk 2.5
System Score Found at
cvssv3 5.5 https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49582.json
epss 0.00038 https://api.first.org/data/v1/epss?cve=CVE-2023-49582
cvssv3.1 5.5 https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
cvssv3.1 5.5 https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4
ssvc Track https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4
cvssv3.1 5.5 https://nvd.nist.gov/vuln/detail/CVE-2023-49582
No exploits are available.
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-49582.json
Attack Vector (AV): local
Attack Complexity (AC): low
Privileges Required (PR): low
User Interaction (UI): none
Scope (S): unchanged
Confidentiality Impact (C): high
Integrity Impact (I): none
Availability Impact (A): none
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4
Vector: SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-26T17:39:05Z/ Found at https://lists.apache.org/thread/sntjc04t1rvjhdzz2tzmtz2zdnmv7dc4
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N Found at https://nvd.nist.gov/vuln/detail/CVE-2023-49582
Exploit Prediction Scoring System (EPSS)
Percentile 0.1033
EPSS Score 0.00038
Published At July 30, 2025, 12:55 p.m.
Date Actor Action Source VulnerableCode Version
2025-07-31T08:43:05.477835+00:00 Alpine Linux Importer Import https://secdb.alpinelinux.org/v3.17/main.json 37.0.0