CVE-2024-45402
CVSS 3.1 Score 9.8 of 10 (high)
Details
Summary
CVE-2024-45402 is a vulnerability affecting Picotls, a TLS protocol library that lets users select among different crypto backends. When processing a maliciously crafted TLS handshake message, Picotls may attempt to free the same memory twice. This double free occurs while disposing of multiple objects without proper memory allocation. The malloc implementation usually detects the error and aborts the process, but under specific conditions it could instead result in a use-after-free. Depending on the crypto backend in use, this could potentially lead to arbitrary code execution. The issue is fixed in commit 9b88159ce763d680e4a13b6e8f3171ae923a535d.