ID CVE-2019-18874
Summary psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.
References
Vulnerable Configurations
  • cpe:2.3:a:psutil_project:psutil:0.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.7.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:0.7.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:1.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:2.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:3.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:4.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.0.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.0.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.1.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.1.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.1.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.1.3:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.2.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.2.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.2.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.3.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.3:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.4:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.5:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.6:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.7:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.4.8:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.5.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.5.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.6.0:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.6.1:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.6.2:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.6.3:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.6.4:*:*:*:*:*:*:*
  • cpe:2.3:a:psutil_project:psutil:5.6.5:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 18-11-2019 - 21:15)
Impact:
Exploitability:
CWE CWE-415
CAPEC
Access
Vector: NETWORK
Complexity: LOW
Authentication: NONE
Impact
Confidentiality: NONE
Integrity: NONE
Availability: PARTIAL
cvss-vector via4 AV:N/AC:L/Au:N/C:N/I:N/A:P
redhat via4
rpms
  • python-psutil-debuginfo-0:5.6.6-1.el7ar
  • python2-psutil-0:5.6.6-1.el7ar
  • rh-python38-python-0:3.8.6-1.el7
  • rh-python38-python-debug-0:3.8.6-1.el7
  • rh-python38-python-debuginfo-0:3.8.6-1.el7
  • rh-python38-python-devel-0:3.8.6-1.el7
  • rh-python38-python-idle-0:3.8.6-1.el7
  • rh-python38-python-libs-0:3.8.6-1.el7
  • rh-python38-python-psutil-0:5.6.4-5.el7
  • rh-python38-python-psutil-debuginfo-0:5.6.4-5.el7
  • rh-python38-python-rpm-macros-0:3.8.6-1.el7
  • rh-python38-python-srpm-macros-0:3.8.6-1.el7
  • rh-python38-python-test-0:3.8.6-1.el7
  • rh-python38-python-tkinter-0:3.8.6-1.el7
  • rh-python38-python-urllib3-0:1.25.7-6.el7
refmap via4
fedora
  • FEDORA-2020-021fb887ac
  • FEDORA-2020-a06ebafad8
misc https://github.com/giampaolo/psutil/pull/1616
mlist [debian-lts-announce] 20191118 [SECURITY] [DLA 1998-1] python-psutil security update
ubuntu USN-4204-1
Last major update 18-11-2019 - 21:15
Published 12-11-2019 - 02:15
Last modified 18-11-2019 - 21:15