CVE-2021-46879

An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system.
References
Link Resource
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26851 Exploit Issue Tracking Patch Third Party Advisory
https://github.com/fluent/fluent-bit/pull/3100 Patch
Configurations

Configuration 1 (hide)

cpe:2.3:a:treasuredata:fluent_bit:1.7.1:*:*:*:*:*:*:*

History

No history.

Information

Published : 2023-04-11 18:15

Updated : 2024-02-28 20:13


NVD link : CVE-2021-46879

Mitre link : CVE-2021-46879

CVE.ORG link : CVE-2021-46879


JSON object : View

Products Affected

treasuredata

  • fluent_bit
CWE
CWE-787

Out-of-bounds Write