subject:"\[ovs\-discuss\] A use\-after\-free defect was discovered at line 1251 of the file \/ovs\/ovsdb\/transaction.c."

Re: [ovs-discuss] A use-after-free defect was discovered at line 1251 of the file /ovs/ovsdb/transaction.c.

2024-03-11 Thread Ilya Maximets via discuss

On 3/11/24 03:58, 尹麓鸣 via discuss wrote:
> Dear OpenvSwitch Developers,
> 
> I hope this email finds you well. I am writing to report a potential 
> vulnerability found in the /ovs/ovsdb/transaction.c file.
> 
> Upon investigation, it has been discovered that there exists a use-after-free 
> defect at line 1251 of the mentioned file. For detailed information regarding 
> this defect, please refer to the following link: 
> https://github.com/LuMingYinDetect/openvswitch_defects/blob/main/openvswitch_detect_1.md
>  
> .
> 
> As a responsible member of the community, I believe it is crucial to promptly 
> address such security concerns to ensure the integrity and reliability of the 
> Open vSwitch project.
> 
> Thank you for your attention to this matter. Please let me know if you 
> require any further information or assistance from my end.
> 
> Best regards,
> LuMingYin

Hi, LuMingYin.

Thanks for the report.  See my reply on the github issue:
  https://github.com/openvswitch/ovs-issues/issues/322

This is not a security issue, because the code in question is not
reachable, however, for the future, please report security issues
to ovs-secur...@openvswitch.org instead of public forums.  Thanks!

If you want to make a cosmetic change removing the incorrect
ovsdb_transaction_abort() call, feel free to post a patch to
ovs-...@openvswitch.org.

Best regards, Ilya Maximets.
___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

[ovs-discuss] A use-after-free defect was discovered at line 1251 of the file /ovs/ovsdb/transaction.c.

2024-03-11 Thread 尹麓鸣 via discuss

Dear OpenvSwitch Developers,

I hope this email finds you well. I am writing to report a potential 
vulnerability found in the /ovs/ovsdb/transaction.c file.

Upon investigation, it has been discovered that there exists a use-after-free 
defect at line 1251 of the mentioned file. For detailed information regarding 
this defect, please refer to the following link: 
https://github.com/LuMingYinDetect/openvswitch_defects/blob/main/openvswitch_detect_1.md.

As a responsible member of the community, I believe it is crucial to promptly 
address such security concerns to ensure the integrity and reliability of the 
Open vSwitch project.

Thank you for your attention to this matter. Please let me know if you require 
any further information or assistance from my end.

Best regards,

LuMingYin___
discuss mailing list
disc...@openvswitch.org
https://mail.openvswitch.org/mailman/listinfo/ovs-discuss

Re: [ovs-discuss] A use-after-free defect was discovered at line 1251 of the file /ovs/ovsdb/transaction.c.

[ovs-discuss] A use-after-free defect was discovered at line 1251 of the file /ovs/ovsdb/transaction.c.

2 matches

Site Navigation

Mail list logo

Footer information