[Bug 1772] New: Double free corruption in libnftables

bugzilla-daemon at netfilter.org bugzilla-daemon at netfilter.org
Tue Sep 3 08:45:51 CEST 2024


https://bugzilla.netfilter.org/show_bug.cgi?id=1772

            Bug ID: 1772
           Summary: Double free corruption in libnftables
           Product: nftables
           Version: 1.0.x
          Hardware: x86_64
                OS: Ubuntu
            Status: NEW
          Severity: normal
          Priority: P5
         Component: nft
          Assignee: pablo at netfilter.org
          Reporter: nellexplorer at gmail.com

When calling nft_ctx_clear_vars() and then nft_ctx_free() functions
sequentially, double free corruption occurs.
This is due to the fact that after calling xfree(ctx->vars) in the
nft_ctx_clear_vars function, dereferencing the pointer does not occur.

Steps to reproduce:

1. Call nft_ctx_clear_vars();
2. Call nft_ctx_free().

-- 
You are receiving this mail because:
You are watching all bug changes.
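The clear-then-free sequence from the report, modelled as a stand-alone C program. This is an added example, not libnftables code: `demo_ctx`, the tracking allocator and every function name are hypothetical, and only the `vars` member comes from the report. The tracker defers the real release so that a repeated free is counted instead of corrupting the heap.

```c
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical model of the context; only the "vars" member is named in the report. */
struct demo_ctx { char **vars; unsigned int num_vars; };
/* Tracking allocator: real release is deferred so a repeated free is counted, not executed. */
static struct { void *p; int freed; } blocks[8];
static int nblocks, double_frees;

static void *tracked_alloc(size_t n) {
	void *p = calloc(1, n);
	if (!p || nblocks == 8) abort();
	blocks[nblocks].p = p;
	blocks[nblocks++].freed = 0;
	return p;
}

static void tracked_free(void *p) {
	for (int i = 0; p && i < nblocks; i++) {   /* NULL is a no-op, as with free() */
		if (blocks[i].p != p) continue;
		if (blocks[i].freed) double_frees++;   /* second release of the same block */
		blocks[i].freed = 1;
	}
}

/* Pattern from the report: the array is released but the member keeps the stale address. */
static void clear_vars_stale(struct demo_ctx *c) { tracked_free(c->vars); c->num_vars = 0; }
/* Hardened form: reset the member so the later free sees NULL. */
static void clear_vars_reset(struct demo_ctx *c) { tracked_free(c->vars); c->vars = NULL; c->num_vars = 0; }
/* Destructor releases the member unconditionally, then the context itself. */
static void ctx_free(struct demo_ctx *c) { tracked_free(c->vars); tracked_free(c); }

/* Runs clear-then-free and returns how many double frees the tracker counted. */
int run_sequence(int reset_pointer) {
	nblocks = double_frees = 0;
	struct demo_ctx *c = tracked_alloc(sizeof(*c));
	c->vars = tracked_alloc(4 * sizeof(char *));
	c->num_vars = 4;
	if (reset_pointer) clear_vars_reset(c); else clear_vars_stale(c);
	ctx_free(c);
	for (int i = 0; i < nblocks; i++) free(blocks[i].p);   /* actual release, once per block */
	return double_frees;
}

int main(void) {
	printf("stale pointer: %d double free(s)\n", run_sequence(0));
	printf("reset pointer: %d double free(s)\n", run_sequence(1));
	return 0;
}
```

Against the real library, building a two-call reproducer with `-fsanitize=address` would report the same condition at the second release.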