{"id":"PYSEC-2019-41","details":"psutil (aka python-psutil) through 5.6.5 can have a double free. This occurs because of refcount mishandling within a while or for loop that converts system data into a Python object.","aliases":["CVE-2019-18874","GHSA-qfc5-mcwq-26q8"],"modified":"2023-11-01T05:42:32.781109Z","published":"2019-11-12T02:15:00Z","references":[{"type":"WEB","url":"https://github.com/giampaolo/psutil/pull/1616"},{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2019/11/msg00018.html"},{"type":"WEB","url":"https://usn.ubuntu.com/4204-1/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2P7QI7MOTZTFXQYU23CP3RAWXCERMOAS/"},{"type":"WEB","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OLETTJYZL2SMBUI4Q2NGBMGPDPP54SRG/"},{"type":"ADVISORY","url":"https://github.com/advisories/GHSA-qfc5-mcwq-26q8"}],"affected":[{"package":{"name":"psutil","ecosystem":"PyPI","purl":"pkg:pypi/psutil"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"5.6.6"}]}],"versions":["0.1.0","0.1.1","0.1.2","0.1.3","0.2.0","0.2.1","0.3.0","0.4.0","0.4.1","0.5.0","0.5.1","0.6.0","0.6.1","0.7.0","0.7.1","1.0.0","1.0.1","1.1.0","1.1.1","1.1.2","1.1.3","1.2.0","1.2.1","2.0.0","2.1.0","2.1.1","2.1.2","2.1.3","2.2.0","2.2.1","3.0.0","3.0.1","3.1.0","3.1.1","3.2.0","3.2.1","3.2.2","3.3.0","3.4.0","3.4.1","3.4.2","4.0.0","4.1.0","4.2.0","4.3.0","4.3.1","4.4.0","4.4.1","4.4.2","5.0.0","5.0.1","5.1.0","5.1.1","5.1.2","5.1.3","5.2.0","5.2.1","5.2.2","5.3.0","5.3.1","5.4.0","5.4.1","5.4.2","5.4.3","5.4.4","5.4.5","5.4.6","5.4.7","5.4.8","5.5.0","5.5.1","5.6.0","5.6.1","5.6.2","5.6.3","5.6.4","5.6.5"],"database_specific":{"source":"https://github.com/pypa/advisory-database/blob/main/vulns/psutil/PYSEC-2019-41.yaml"}}],"schema_version":"1.7.3"}