AZL-26870 CVE-2023-31147 affecting package fluent-bit for versions less than 2.1.10-1

🗓️ 25 May 2023 22:15:09Reported by GoogleType

osv🔗 osv.dev👁 3 Views

Vulnerability 2023 31147 affects fluent bit before 2.1.10-1; c-ares uses non cryptographically secure random numbers when /dev/urandom is missing; fixed in 1.19.1.

Reporter	Title	Published	Views	Family All 213
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to loss of confidentiality and loss of integrity due to [CVE-2023-31124], [CVE-2023-31130], [CVE-2023-31147]	28 Jul 202314:35	–	ibm
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in CloudPak for Watson AIOps	26 Mar 202503:54	–	ibm
IBM Security Bulletins	Security Bulletin: IBM QRadar Data Synchronization App for IBM QRadar SIEM is vulnerable to using components with known vulnerabilities	15 Apr 202503:57	–	ibm
Tenable Nessus	Amazon Linux 2023 : c-ares, c-ares-devel (ALAS2023-2023-198)	8 Jun 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2023 : ecs-service-connect-agent (ALAS2023-2023-344)	20 Sep 202300:00	–	nessus
Tenable Nessus	Amazon Linux 2 : c-ares (ALAS-2024-2646)	3 Oct 202400:00	–	nessus
Tenable Nessus	Amazon Linux 2 : ecs-service-connect-agent, --advisory ALAS2ECS-2023-007 (ALASECS-2023-007)	27 Sep 202300:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nodejs:18 (ALSA-2023:3577)	15 Jun 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nodejs:16 (ALSA-2023:4034)	12 Jul 202300:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nodejs:18 (ALSA-2023:4035)	12 Jul 202300:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-31147

21 Apr 2026 04:23Current

6.7Medium risk

Vulners AI Score6.7

CVSS 3.16.5

EPSS0.00103