Описание
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutil_disk_partitions(), psutil_users(), psutil_net_if_addrs(), and others. In particular cases, a local attacker may be able to get code execution by manipulating system resources that python-psutil then tries to convert.
Затронутые пакеты
Платформа | Пакет | Состояние | Рекомендация | Релиз |
---|---|---|---|---|
CloudForms Management Engine 5 | python-psutil | Will not fix | ||
Red Hat Enterprise Linux 9 | python39:3.9/python-psutil | Not affected | ||
Red Hat Enterprise Linux 9 | python-psutil | Not affected | ||
Red Hat OpenStack Platform 10 (Newton) | python-psutil | Will not fix | ||
Red Hat OpenStack Platform 13 (Queens) | python-psutil | Will not fix | ||
Red Hat OpenStack Platform 14 (Rocky) | python-psutil | Will not fix | ||
Red Hat OpenStack Platform 15 (Stein) | python-psutil | Will not fix | ||
Red Hat OpenStack Platform 16.1 | python-psutil | Will not fix | ||
Red Hat Quay 3 | python-psutil | Affected | ||
Red Hat Ansible Tower 3.6 for RHEL 7 | ansible-tower-36/ansible-runner-rhel7 | Fixed | RHSA-2020:4255 | 14.10.2020 |
Показывать по
Дополнительная информация
Статус:
EPSS
7 High
CVSS3
Связанные уязвимости
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
psutil (aka python-psutil) through 5.6.5 can have a double free. This ...
EPSS
7 High
CVSS3