AZL-59742 CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4

🗓️ 08 Apr 2025 14:15:35Reported by GoogleType

osv

osv🔗 osv.dev👁 3 Views

AZL-59742 CVE-2025-31498: fluent-bit <3.1.9-4 vulnerable; c-ares use-after-free fixed in 1.34.5.

Reporter	Title	Published	Views	Family All 132
IBM Security Bulletins	Security Bulletin: Multiple Vulnerabilities in IBM CloudPak for AIOps	25 Jun 202513:52	–	ibm
IBM Security Bulletins	Security Bulletin: Use-After-Free Vulnerability in c-ares read_answers() Function (v1.32.3–v1.34.4) affects watsonx.data	10 Apr 202606:02	–	ibm
IBM Security Bulletins	Security Bulletin: IBM DataPower Gateway vulnerable to a denial of service due to C-Ares	4 Dec 202513:28	–	ibm
IBM Security Bulletins	Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates	30 Jun 202513:27	–	ibm
Tenable Nessus	Amazon Linux 2023 : nodejs20, nodejs20-devel, nodejs20-full-i18n (ALAS2023-2025-942)	29 Apr 202500:00	–	nessus
Tenable Nessus	Alibaba Cloud Linux 3 : 0062: nodejs:20 (ALINUX3-SA-2025:0062)	19 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nodejs:22 (ALSA-2025:4459)	8 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 8 : nodejs:20 (ALSA-2025:4461)	8 May 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nodejs:20 (ALSA-2025:7426)	3 Jul 202500:00	–	nessus
Tenable Nessus	AlmaLinux 9 : nodejs:22 (ALSA-2025:7433)	21 May 202500:00	–	nessus

Source	Link
nvd	www.nvd.nist.gov/vuln/detail/CVE-2025-31498

21 Apr 2026 04:37Current

6.7Medium risk

Vulners AI Score6.7

CVSS 48.3

EPSS0.00651

SSVC

fluent bit vulnerability cares use after free dns cookie failure tcp queries issue