CVE-2021-27186

2021-02-1022:15:13

Google

osv.dev

6.9 Medium

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

59.4%

JSON

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

CPENameOperatorVersion
fluent-biteq0.8.2
fluent-biteq1.4.0
fluent-biteq1.6.0
fluent-biteq0.13-dev-0.12
fluent-biteq0.13-dev-0.8
fluent-biteq0.13-dev-0.15
fluent-biteq1.5.0
fluent-biteq0.10.0
fluent-biteq0.4
fluent-biteq0.6.0

Name	Operator	Version
fluent-bit	eq	0.8.2
fluent-bit	eq	1.4.0
fluent-bit	eq	1.6.0
fluent-bit	eq	0.13-dev-0.12
fluent-bit	eq	0.13-dev-0.8
fluent-bit	eq	0.13-dev-0.15
fluent-bit	eq	1.5.0
fluent-bit	eq	0.10.0
fluent-bit	eq	0.4
fluent-bit	eq	0.6.0