Lucene search
PRIOn knowledge basePRION:CVE-2021-46878HistoryApr 11, 2023 - 6:15 p.m.
Type confusion
2023-04-1118:15:00
PRIOn knowledge base
www.prio-n.com
1
treasure data
fluent bit 1.7.1
type confusion
vulnerability
parsing
stack
use-after-free
attack
crafted file
execution
arbitrary code
0.001 Low
EPSS
Percentile
39.6%
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.
| CPE | Name | Operator | Version |
|---|---|---|---|
| fluent_bit | eq | 1.7.1 |
Related
cbl_mariner
cbl_mariner
CVE-2021-46878 affecting package fluent-bit 1.5.2-2
2023-05-25 17:55:45
osv
osv
BIT-fluent-bit-2021-46878
2024-03-06 10:52:01
CVE-2021-46878
2023-04-11 18:15:58
cve
cve
CVE-2021-46878
2023-04-11 18:15:58
cvelist
cvelist
CVE-2021-46878
2023-04-11 00:00:00
nvd
nvd
CVE-2021-46878
2023-04-11 18:15:58