Filtered by vendor Treasuredata Subscriptions
Filtered by product Fluent Bit Subscriptions
Total 6 CVE
CVE Vendors Products Updated CVSS v3.1
CVE-2021-46879 1 Treasuredata 1 Fluent Bit 2024-11-21 7.8 High
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system.
CVE-2021-46878 1 Treasuredata 1 Fluent Bit 2024-11-21 7.8 High
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.
CVE-2021-36088 1 Treasuredata 1 Fluent Bit 2024-11-21 9.8 Critical
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).
CVE-2021-27186 1 Treasuredata 1 Fluent Bit 2024-11-21 7.5 High
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.
CVE-2020-35963 2 Linux, Treasuredata 2 Linux Kernel, Fluent Bit 2024-11-21 7.8 High
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
CVE-2019-9749 1 Treasuredata 1 Fluent Bit 2024-11-21 7.5 High
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.