CVE-2019-18874
Description
psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
Risk Information
Base Score
7.5
MODERATE
Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS Score
Exploitation Probability
0.112
Associated Vulnerability
| Vulnerability | OS Platform |
|---|---|
| Vulnerabilities CVE-2019-18874 are fixed in Python-psutil 5.6.6 | Windows |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_3.4.2-1ubuntu0.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_3.4.2-1ubuntu0.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_5.4.2-1ubuntu0.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_5.4.2-1ubuntu0.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_5.5.1-1ubuntu0.19.04.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_5.5.1-1ubuntu0.19.04.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_5.5.1-1ubuntu0.19.10.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python-psutil_5.5.1-1ubuntu0.19.10.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_3.4.2-1ubuntu0.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_3.4.2-1ubuntu0.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_5.4.2-1ubuntu0.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_5.4.2-1ubuntu0.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_5.5.1-1ubuntu0.19.04.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_5.5.1-1ubuntu0.19.04.1_amd64.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_5.5.1-1ubuntu0.19.10.1_i386.deb | Linux |
| module providing convenience functions for managing processes (USN-4204-1) python3-psutil_5.5.1-1ubuntu0.19.10.1_amd64.deb | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update PyYAML-debugsource-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update numpy-debugsource-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-lxml-debugsource-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python-psutil-debugsource-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-babel-2.7.0-11.module+el8.5.0+11015+9c1c7c42.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debug-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-debugsource-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-devel-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-idle-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-jinja2-2.10.3-5.module+el8.5.0+10542+ba057329.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-lxml-4.4.1-6.module+el8.5.0+10542+ba057329.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-doc-1.17.3-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-numpy-f2py-1.17.3-6.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-psutil-5.6.4-4.module+el8.5.0+12031+10ce4870.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-pyyaml-5.4.1-1.module+el8.5.0+10721+14d8e0d5.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-rpm-macros-3.8.8-4.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-test-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-tkinter-3.8.8-4.module+el8.5.0+12205+a865257a.x86_64.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-urllib3-1.25.7-5.module+el8.5.0+11639+ea5b349d.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| (RHSA-2021:4162) python38:3.8 and python38-devel:3.8 security update python38-wheel-wheel-0.33.6-6.module+el8.5.0+12205+a865257a.noarch.rpm | Linux |
| Python38 update (ELSA-2023-3781) python38-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-Cython update (ELSA-2023-3781) python38-Cython-0.29.14-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-PyMySQL update (ELSA-2023-3781) python38-PyMySQL-0.10.1-1.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-asn1crypto update (ELSA-2023-3781) python38-asn1crypto-1.2.0-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-babel update (ELSA-2023-3781) python38-babel-2.7.0-11.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| Python38-cffi update (ELSA-2023-3781) python38-cffi-1.13.2-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-chardet update (ELSA-2023-3781) python38-chardet-3.0.4-19.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-cryptography update (ELSA-2023-3781) python38-cryptography-2.8-3.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-debug update (ELSA-2023-3781) python38-debug-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-devel update (ELSA-2023-3781) python38-devel-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-idle update (ELSA-2023-3781) python38-idle-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-idna update (ELSA-2023-3781) python38-idna-2.8-6.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-jinja2 update (ELSA-2023-3781) python38-jinja2-2.11.3-1.module+el8.7.0+20792+22659047.noarch.rpm | Linux |
| Python38-libs update (ELSA-2023-3781) python38-libs-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-lxml update (ELSA-2023-3781) python38-lxml-4.4.1-7.module+el8.6.0+20556+9910889d.x86_64.rpm | Linux |
| Python38-markupsafe update (ELSA-2023-3781) python38-markupsafe-1.1.1-6.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-mod_wsgi update (ELSA-2023-3781) python38-mod_wsgi-4.6.8-4.module+el8.7.0+20869+e1465161.x86_64.rpm | Linux |
| Python38-numpy update (ELSA-2023-3781) python38-numpy-1.17.3-6.module+el8.5.0+20371+4f24d723.x86_64.rpm | Linux |
| Python38-numpy-doc update (ELSA-2023-3781) python38-numpy-doc-1.17.3-6.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| Python38-numpy-f2py update (ELSA-2023-3781) python38-numpy-f2py-1.17.3-6.module+el8.5.0+20371+4f24d723.x86_64.rpm | Linux |
| Python38-pip update (ELSA-2023-3781) python38-pip-19.3.1-6.module+el8.7.0+20792+22659047.noarch.rpm | Linux |
| Python38-pip-wheel update (ELSA-2023-3781) python38-pip-wheel-19.3.1-6.module+el8.7.0+20792+22659047.noarch.rpm | Linux |
| Python38-ply update (ELSA-2023-3781) python38-ply-3.11-10.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-psutil update (ELSA-2023-3781) python38-psutil-5.6.4-4.module+el8.5.0+20371+4f24d723.x86_64.rpm | Linux |
| Python38-psycopg2 update (ELSA-2023-3781) python38-psycopg2-2.8.4-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-psycopg2-doc update (ELSA-2023-3781) python38-psycopg2-doc-2.8.4-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-psycopg2-tests update (ELSA-2023-3781) python38-psycopg2-tests-2.8.4-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-pycparser update (ELSA-2023-3781) python38-pycparser-2.19-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-pysocks update (ELSA-2023-3781) python38-pysocks-1.7.1-4.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-pytz update (ELSA-2023-3781) python38-pytz-2019.3-3.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-pyyaml update (ELSA-2023-3781) python38-pyyaml-5.4.1-1.module+el8.5.0+20371+4f24d723.x86_64.rpm | Linux |
| Python38-requests update (ELSA-2023-3781) python38-requests-2.22.0-9.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-rpm-macros update (ELSA-2023-3781) python38-rpm-macros-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.noarch.rpm | Linux |
| Python38-scipy update (ELSA-2023-3781) python38-scipy-1.3.1-4.module+el8.4.0+20068+32a535e2.x86_64.rpm | Linux |
| Python38-setuptools update (ELSA-2023-3781) python38-setuptools-41.6.0-5.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| Python38-setuptools-wheel update (ELSA-2023-3781) python38-setuptools-wheel-41.6.0-5.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| Python38-six update (ELSA-2023-3781) python38-six-1.12.0-10.module+el8.4.0+20068+32a535e2.noarch.rpm | Linux |
| Python38-test update (ELSA-2023-3781) python38-test-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-tkinter update (ELSA-2023-3781) python38-tkinter-3.8.16-1.module+el8.8.0+21120+5d2e4734.1.x86_64.rpm | Linux |
| Python38-urllib3 update (ELSA-2023-3781) python38-urllib3-1.25.7-5.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| Python38-wheel update (ELSA-2023-3781) python38-wheel-0.33.6-6.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| Python38-wheel-wheel update (ELSA-2023-3781) python38-wheel-wheel-0.33.6-6.module+el8.5.0+20371+4f24d723.noarch.rpm | Linux |
| (RHSA-2021:4324)Moderate: security update python-psutil-debugsource-5.4.3-11.el8.x86_64.rpm | Linux |
| (RHSA-2021:4324)Moderate: security update python3-psutil-5.4.3-11.el8.x86_64.rpm | Linux |
| (RHSA-2021:4324)Moderate: security update python3-psutil-debuginfo-5.4.3-11.el8.x86_64.rpm | Linux |
| python-psutil security update (RLSA-2021:4324) python3-psutil-5.4.3-11.el8.x86_64.rpm | Linux |
| Python3-psutil update (ELSA-2021-4324) python3-psutil-5.4.3-11.el8.x86_64.rpm | Linux |
| Moderate: python-psutil security update python3-psutil-5.4.3-11.el8.x86_64.rpm | Linux |
| Vulnerabilities CVE-2019-18874 are fixed in Python-psutil for linux 5.6.6 | Linux |
Patch Details
No records foundReferences
https://nvd.nist.gov/vuln/detail/CVE-2023-1234
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-1234