CVE-2019-18874

Aliases:GHSA-qfc5-mcwq-26q8PYSEC-2019-41

Advisory lineage Upstream: 0 Downstream: 16

Downstream

ALPINE-CVE-2019-18874 DEBIAN-CVE-2019-18874 DLA-1998-1 MGASA-2019-0370 RHSA-2020:2583 RHSA-2020:2593

Modified

Published: 12 Nov 2019, 01:30

Last modified:05 Aug 2024, 02:02

Vulnerability Summary

Overall Risk (default)

medium

30/100

CVSS Score

7.5 HIGH

v3.1 (nvd)

EPSS Score

0.18% LOW

0% probability +0.06%

KEV

Not listed

Ransomware

No reports

Public exploits

None found

Dark Web

Not detected

Timeline

12 Nov 2019, 01:30

Published

Vulnerability first disclosed

05 Aug 2024, 02:02

Last Modified

Vulnerability information updated

Description

psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

CVSS Metrics

v4.0•HIGH•Score: 8.7CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N
v3.1•HIGH•Score: 7.5CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
v2.0•MEDIUM•Score: 5AV:N/AC:L/Au:N/C:N/I:N/A:P

EPSS Trends

Current EPSS score: 0.18%• Percentile: 39%

Techniques & Countermeasures

CWE-415•Double Free
The product calls free() twice on the same memory address.

Affected Systems

psutil_project•psutil
≤ 5.6.5
PyPI•psutil
< 5.6.6