FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

py-psutil -- double free vulnerability

Affected packages
py310-psutil121 < 5.6.6
py311-psutil121 < 5.6.6
py37-psutil121 < 5.6.6
py38-psutil121 < 5.6.6
py39-psutil121 < 5.6.6

Details

VuXML ID: 374793ad-2720-4c4a-b86c-fc4a1780deac
Discovery: 2019-11-12
Entry: 2023-04-10

ret2libc reports:

psutil (aka python-psutil) through 5.6.5 can have a double free.

This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.

References

CVE Name: CVE-2019-18874
URL: https://osv.dev/vulnerability/GHSA-qfc5-mcwq-26q8
URL: https://osv.dev/vulnerability/PYSEC-2019-41