Double-free bug in Picotls TLS protocol library could lead to arbitrary code execution
CVE-2024-45402

9.8 CRITICAL

Key Information:

Vendor: H2o
Status: Vendor
CVE Published: 11 October 2024

Summary

Picotls is a TLS protocol library that can be built against several different crypto backends. When parsing a spoofed TLS handshake message sent by a remote peer, picotls may attempt to free the same memory block twice. The double free happens while several objects are disposed of in sequence, with no allocation in between, which is exactly the pattern a hardened malloc implementation normally detects (glibc, for example, aborts the process). Depending on the malloc implementation in use and on the crypto backend compiled in, however, the second free can instead go unnoticed and the block can be handed out again while still referenced, turning the double free into a use-after-free that may allow arbitrary code execution. The issue is fixed in commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.
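The mechanism the summary describes, as an added example that is not picotls code and does not reproduce its internals: a toy fixed-size allocator stands in for malloc, and two hypothetical handshake objects (key_schedule_t and cipher_t, both assumed names) point at the same derived secret and both free it on disposal. The allocator's hardened flag models the simplest form of the check a hardened malloc performs (refusing to free the block already on top of the free list), so the same buggy disposal sequence either gets caught or silently hands the freed block out twice to the next two allocations, which is the aliasing that turns a double free into a use-after-free.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Added illustrative model of the bug class in the advisory, not picotls code:
 * a toy allocator stands in for malloc, and two hypothetical handshake objects
 * share one secret buffer that both free on disposal. */

#define SLOT_SIZE  32
#define SLOT_COUNT 8

/* Fixed-size LIFO free-list allocator. With 'hardened' set it applies the kind
 * of check glibc does on its fast bins: refuse to free the block already on
 * top of the free list. */
typedef struct {
    uint8_t slots[SLOT_COUNT][SLOT_SIZE];
    int free_list[2 * SLOT_COUNT];  /* stack of free slot indices */
    int free_top;
    int hardened;
    int double_free_detected;
} toy_heap;

static void toy_init(toy_heap *h, int hardened) {
    memset(h, 0, sizeof *h);
    h->hardened = hardened;
    for (int i = SLOT_COUNT - 1; i >= 0; i--)
        h->free_list[h->free_top++] = i;  /* slot 0 ends up on top */
}

static uint8_t *toy_malloc(toy_heap *h) {
    return h->free_top == 0 ? NULL : h->slots[h->free_list[--h->free_top]];
}

static void toy_free(toy_heap *h, uint8_t *p) {
    if (p == NULL)
        return;
    int idx = (int)((p - &h->slots[0][0]) / SLOT_SIZE);
    if (h->hardened && h->free_top > 0 && h->free_list[h->free_top - 1] == idx) {
        /* Same block freed twice with no allocation in between: what the
         * advisory says malloc typically detects (glibc aborts here). */
        h->double_free_detected++;
        return;
    }
    h->free_list[h->free_top++] = idx;  /* unhardened: the block is pushed twice */
}

/* Hypothetical handshake objects (assumed names, not picotls types) that both
 * point at the same derived secret. */
typedef struct { uint8_t *secret; } key_schedule_t;
typedef struct { uint8_t *secret; } cipher_t;

static void key_schedule_dispose(toy_heap *h, key_schedule_t *ks) {
    toy_free(h, ks->secret);
    ks->secret = NULL;
}

/* Buggy disposal also frees the secret the cipher does not own; the fixed
 * variant makes ownership explicit and only drops the reference. */
static void cipher_dispose(toy_heap *h, cipher_t *c, int fixed) {
    if (!fixed)
        toy_free(h, c->secret);
    c->secret = NULL;
}

typedef struct { int detected, aliased; } outcome_t;

/* Dispose both objects back to back, then allocate twice. On an unhardened
 * allocator the buggy path hands the same block out twice: the aliasing that
 * turns the double free into a use-after-free on a live secret. */
static outcome_t run_scenario(int hardened, int fixed) {
    toy_heap h;
    toy_init(&h, hardened);
    uint8_t *secret = toy_malloc(&h);
    memset(secret, 0x42, SLOT_SIZE);  /* constructed stand-in for a derived key */
    key_schedule_t ks = { secret };
    cipher_t c = { secret };

    key_schedule_dispose(&h, &ks);
    cipher_dispose(&h, &c, fixed);

    uint8_t *p1 = toy_malloc(&h);  /* e.g. buffer for the next handshake record */
    uint8_t *p2 = toy_malloc(&h);  /* e.g. a newly derived secret */
    outcome_t o = { h.double_free_detected, p1 == p2 };
    return o;
}

int main(void) {
    for (int hardened = 0; hardened < 2; hardened++)
        for (int fixed = 0; fixed < 2; fixed++) {
            outcome_t o = run_scenario(hardened, fixed);
            printf("hardened=%d fixed=%d: detected=%d aliased=%d\n",
                   hardened, fixed, o.detected, o.aliased);
        }
    return 0;
}
```

Only the unhardened allocator combined with the buggy disposal reports aliased=1; the hardened allocator reports detected=1 on the same sequence, and the fixed disposal is clean on both. The toy check is deliberately the simplest one: real glibc additionally tags each freed tcache chunk with a key so it catches double frees that are not at the top of the list, which is why the advisory calls detection the typical outcome and the use-after-free the allocator- and backend-dependent one. To check whether a picotls checkout carries the fix, `git merge-base --is-ancestor 9b88159ce763d680e4a13b6e8f3171ae923a535d HEAD` exits 0 when the fixing commit is an ancestor of HEAD.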

Affected Version(s)

picotls < 9b88159ce763d680e4a13b6e8f3171ae923a535d (any build from a checkout that does not include this commit)

CVSS V3.1

Vector (assembled from the metrics below): CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Score: 9.8
Severity: CRITICAL
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged
Confidentiality: High
Integrity: High
Availability: High

Timeline

  • Vulnerability reserved

  • Vulnerability published: 11 October 2024

CVE-2024-45402 : Double-free bug in Picotls TLS protocol library could lead to arbitrary code execution | SecurityVulnerability.io