Total
6 CVE
CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
---|---|---|---|---|---|
CVE-2021-36088 | 1 Treasuredata | 1 Fluent Bit | 2024-11-21 | 7.5 HIGH | 9.8 CRITICAL |
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). | |||||
CVE-2021-27186 | 1 Treasuredata | 1 Fluent Bit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | |||||
CVE-2020-35963 | 2 Linux, Treasuredata | 2 Linux Kernel, Fluent Bit | 2024-11-21 | 6.8 MEDIUM | 7.8 HIGH |
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. | |||||
CVE-2019-9749 | 1 Treasuredata | 1 Fluent Bit | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. | |||||
CVE-2021-46878 | 1 Treasuredata | 1 Fluent Bit | 2024-02-28 | N/A | 7.8 HIGH |
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system. | |||||
CVE-2021-46879 | 1 Treasuredata | 1 Fluent Bit | 2024-02-28 | N/A | 7.8 HIGH |
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system. |