exploitDog

CVE-2019-18874

Published: 07 Nov 2019
Source: redhat
CVSS3: 7
EPSS: Low

Description

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutil_disk_partitions(), psutil_users(), psutil_net_if_addrs(), and others. In particular cases, a local attacker may be able to get code execution by manipulating system resources that python-psutil then tries to convert.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| CloudForms Management Engine 5 | python-psutil | Will not fix | | |
| Red Hat Enterprise Linux 9 | python39:3.9/python-psutil | Not affected | | |
| Red Hat Enterprise Linux 9 | python-psutil | Not affected | | |
| Red Hat OpenStack Platform 10 (Newton) | python-psutil | Will not fix | | |
| Red Hat OpenStack Platform 13 (Queens) | python-psutil | Will not fix | | |
| Red Hat OpenStack Platform 14 (Rocky) | python-psutil | Will not fix | | |
| Red Hat OpenStack Platform 15 (Stein) | python-psutil | Will not fix | | |
| Red Hat OpenStack Platform 16.1 | python-psutil | Will not fix | | |
| Red Hat Quay 3 | python-psutil | Affected | | |
| Red Hat Ansible Tower 3.6 for RHEL 7 | ansible-tower-36/ansible-runner-rhel7 | Fixed | RHSA-2020:4255 | 14.10.2020 |

Additional information

Status: Moderate
Defect: CWE-416
https://bugzilla.redhat.com/show_bug.cgi?id=1772014 python-psutil: Double free because of refcount mishandling

EPSS

Percentile: 31%
0.00112
Low

7 High

CVSS3

Related vulnerabilities

CVSS3: 7.5
ubuntu
more than 5 years ago

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

CVSS3: 7.5
nvd
more than 5 years ago

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

CVSS3: 7.5
msrc
about 4 years ago

No description available

CVSS3: 7.5
debian
more than 5 years ago

psutil (aka python-psutil) through 5.6.5 can have a double free. This ...

rocky
more than 3 years ago

Moderate: python-psutil security update