Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
445
VMScore

CVE-2019-18874

Published: 12/11/2019 Updated: 07/11/2023
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 7.5 | Impact Score: 3.6 | Exploitability Score: 3.9
VMScore: 445
Vector: AV:N/AC:L/Au:N/C:N/I:N/A:P
Subscribe to Psutil

Vulnerability Summary

psutil (aka python-psutil) up to and including 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

psutil project psutil

Vendor Advisories

Debian CVElist Bug Report Logs: python-psutil: CVE-2019-18874
Debian Bug report logs - #944605 python-psutil: CVE-2019-18874 Package: src:python-psutil; Maintainer for src:python-psutil is Sandro Tosi <morph@debianorg>; Reported by: Salvatore Bonaccorso <carnil@debianorg> Date: Tue, 12 Nov 2019 15:09:02 UTC Severity: important Tags: security, upstream Found in version python ...
Ubuntu Security Notice: python-psutil vulnerability
psutil could be made to crash or run programs ...
Red Hat: Moderate: OpenShift Container Platform 4.3.26 python-psutil security update
Synopsis Moderate: OpenShift Container Platform 4326 python-psutil security update Type/Severity Security Advisory: Moderate Topic An update for python-psutil is now available for Red Hat OpenShift Container Platform 43Red Hat Product Security has rated this update as having a security impact of Moderat ...
Red Hat: Moderate: OpenShift Container Platform 4.2.36 python-psutil security update
Synopsis Moderate: OpenShift Container Platform 4236 python-psutil security update Type/Severity Security Advisory: Moderate Topic An update for python-psutil is now available for Red Hat OpenShift Container Platform 42Red Hat Product Security has rated this update as having a security impact of Moderat ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.6 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 36 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container(CVE-20 ...
Red Hat: Moderate: rh-python38 security, bug fix, and enhancement update
Synopsis Moderate: rh-python38 security, bug fix, and enhancement update Type/Severity Security Advisory: Moderate Topic An update for rh-python38-python, rh-python38-python-psutil, and rh-python38-python-urllib3 is now available for Red Hat Software CollectionsRed Hat Product Security has rated this updat ...
Red Hat: Moderate: OpenShift Container Platform 4.11.0 extras and security update
Synopsis Moderate: OpenShift Container Platform 4110 extras and security update Type/Severity Security Advisory: Moderate Topic Red Hat OpenShift Container Platform release 4110 is now available withupdates to packages and images that fix several bugs and add enhancementsThis release includes a security update for Red Hat OpenShift Conta ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7 runner release (CVE-2019-18874)
Synopsis Moderate: security update - Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 37 runner release (CVE-2019-18874) Description Updated python-psutil version to 566 inside ansible-runner container (CVE-2 ...
Red Hat: Moderate: security update - Red Hat Ansible Tower 3.7.4-1 - RHEL7 Container
Synopsis Moderate: security update - Red Hat Ansible Tower 374-1 - RHEL7 Container Type/Severity Security Advisory: Moderate Topic Red Hat Ansible Tower 374-1 - RHEL7 Container Description Fixed two jQuery vulnerabilities (CVE-2020-11022, CVE-2020-11023) Improved Ansible Tower's web se ...

References

CWE-415https://github.com/giampaolo/psutil/pull/1616https://lists.debian.org/debian-lts-announce/2019/11/msg00018.htmlhttps://usn.ubuntu.com/4204-1/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG/https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944605https://usn.ubuntu.com/4204-1/https://nvd.nist.gov
VMScore
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2006-4304CVE-2024-4240arbitrary CVE-2024-31601XSSCVE-2023-20198CVE-2024-4256CVE-2024-3342encryption
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook