On 3/11/24 03:58, 尹麓鸣 via discuss wrote: > Dear OpenvSwitch Developers, > > I hope this email finds you well. I am writing to report a potential > vulnerability found in the /ovs/ovsdb/transaction.c file. > > Upon investigation, it has been discovered that there exists a use-after-free > defect at line 1251 of the mentioned file. For detailed information regarding > this defect, please refer to the following link: > https://github.com/LuMingYinDetect/openvswitch_defects/blob/main/openvswitch_detect_1.md > > <https://github.com/LuMingYinDetect/openvswitch_defects/blob/main/openvswitch_detect_1.md>. > > As a responsible member of the community, I believe it is crucial to promptly > address such security concerns to ensure the integrity and reliability of the > Open vSwitch project. > > Thank you for your attention to this matter. Please let me know if you > require any further information or assistance from my end. > > Best regards, > LuMingYin
Hi, LuMingYin. Thanks for the report. See my reply on the github issue: https://github.com/openvswitch/ovs-issues/issues/322 This is not a security issue, because the code in question is not reachable, however, for the future, please report security issues to ovs-secur...@openvswitch.org instead of public forums. Thanks! If you want to make a cosmetic change removing the incorrect ovsdb_transaction_abort() call, feel free to post a patch to ovs-...@openvswitch.org. Best regards, Ilya Maximets. _______________________________________________ discuss mailing list disc...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-discuss
