VDB
RHSA-2020%3A4254
RHSA-2020%3A4254
PUBLISHED
CVSS 7 HIGH
A double free issue has been discovered in python-psutil because of the mishandling of refcounts while converting system data into Python objects in functions like psutil_disk_partitions(), psutil_users(), psutil_net_if_addrs(), and others. In particular cases, a local attacker may be able to get code execution by manipulating system resources that python-psutil then tries to convert.
Risk Scores
CVSS 3.0
7
CVSS:3.0/AV:L/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | ansible-tower-37/ansible-runner-rhel7@sha256:6f0b354be83503e3ee052383dadd8d2cb4c0b5a4d27bdea3563da591df0d8a5d_amd64 as a component of Red Hat Ansible Tower 3.7 for RHEL 7 | ansible-tower-37/ansible-runner-rhel7@sha256:6f0b354be83503e3ee052383dadd8d2cb4c0b5a4d27bdea3563da591df0d8a5d_amd64 |
Timeline
- Oct 14, 2020 CVE Published
- Nov 21, 2025 CVE Updated
- May 1, 2026 Distribution Patch
- May 1, 2026 Distribution Patch
- May 1, 2026 Security Advisory
- May 1, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2020:4254 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=1772014 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2020/rhsa-2020_4254.json advisory
- https://access.redhat.com/security/cve/CVE-2019-18874 advisory
- https://www.cve.org/CVERecord?id=CVE-2019-18874 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2019-18874 advisory