EUVD-2024-41460

Malicious code in bioql PyPI...

CVE-2024-45402

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls specifically, bindings within picotls that call the crypto libraries may attempt to free the same memory twice. This double free occu...

CVE-2024-45402

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls specifically, bindings within picotls that call the crypto libraries may attempt to free the same memory twice. This double free occu...

CVE-2024-45402 Picotls double free

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls specifically, bindings within picotls that call the crypto libraries may attempt to free the same memory twice. This double free occu...

CVE-2024-45402 Picotls double free

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls specifically, bindings within picotls that call the crypto libraries may attempt to free the same memory twice. This double free occu...

CVE-2024-45402 Picotls double free

Picotls is a TLS protocol library that allows users select different crypto backends based on their use case. When parsing a spoofed TLS handshake message, picotls specifically, bindings within picotls that call the crypto libraries may attempt to free the same memory twice. This double free occu...

CVE-2024-45402

CVE-2024-45402 describes a double free in Picotls when parsing a spoofed TLS handshake, specifically in bindings that call crypto libraries. The issue causes the same memory to be freed twice during disposal of multiple objects with no intervening malloc, potentially triggering malloc abort and, ...

Picotls 资源管理错误漏洞

picotls is an RFC 8446 protocol stack written in C that is open source by H2O. A resource management error vulnerability exists in Picotls that stems from the presence of a double release, which could lead to reuse after release and could also allow arbitrary code execution...

PT-2024-31606 · Picotls · Picotls

Name of the Vulnerable Software and Affected Versions: Picotls versions prior to the latest release Description: The issue arises when parsing a spoofed TLS handshake message, causing picotls to attempt to free the same memory twice. This double free occurs during the disposal of multiple objects...

picotls/fuzz-asn1: Heap-buffer-overflow in ptls_asn1_read_type

Project: https://github.com/h2o/picotls.git Detailed report: https://oss-fuzz.com/testcase?key=5687824386359296 Project: picotls Fuzzer: aflpicotlsfuzz-asn1 Fuzz target binary: fuzz-asn1 Job Type: aflasanpicotls Platform Id: linux Crash Type: Heap-buffer-overflow READ 1 Crash Address:...

picotls/fuzz-asn1: Crash in ptls_asn1_validation_recursive

Project: https://github.com/h2o/picotls.git Detailed report: https://oss-fuzz.com/testcase?key=5688525536624640 Project: picotls Fuzzer: libFuzzerpicotlsfuzz-asn1 Fuzz target binary: fuzz-asn1 Job Type: libfuzzerasanpicotls Platform Id: linux Crash Type: UNKNOWN READ Crash Address: 0x6190bebebf97...

picotls/fuzz-server-hello: Heap-buffer-overflow in ptls_set_negotiated_protocol

Project: https://github.com/h2o/picotls.git Detailed report: https://oss-fuzz.com/testcase?key=5123788977471488 Project: picotls Fuzzer: libFuzzerpicotlsfuzz-server-hello Fuzz target binary: fuzz-server-hello Job Type: libfuzzerasanpicotls Platform Id: linux Crash Type: Heap-buffer-overflow READ...