Arbitrary Code Execution

2019-11-1303:53:48

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

7.5 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

5 Medium

CVSS2

Access Vector

NETWORK

Access Complexity

LOW

Authentication

NONE

Confidentiality Impact

NONE

Integrity Impact

NONE

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:N/I:N/A:P

JSON

python-psutil is vulnerable to arbitrary code execution. Mishandling of refcount within a while or for loop that converts system data into a Python object results in a double-free bug and allows for execution of arbitrary code.

CPENameOperatorVersion
psutille5.6.5
python-psutileq5.0.1__2.el7ost
python-psutileq5.6.7__1.el7
python-psutileq5.0.1__3.el8sat
python-psutileq5.0.1__3.el7sat
python-psutileq5.0.1__2.el7sat
python-psutileq2.2.1__5.el7
python-psutileq5.4.3__7.el8d
python-psutileq5.4.3__2.el7at
python-psutileq5.0.1__1.el7sat

Name	Operator	Version
psutil	le	5.6.5
python-psutil	eq	5.0.1__2.el7ost
python-psutil	eq	5.6.7__1.el7
python-psutil	eq	5.0.1__3.el8sat
python-psutil	eq	5.0.1__3.el7sat
python-psutil	eq	5.0.1__2.el7sat
python-psutil	eq	2.2.1__5.el7
python-psutil	eq	5.4.3__7.el8d
python-psutil	eq	5.4.3__2.el7at
python-psutil	eq	5.0.1__1.el7sat