AZL-76457 CVE-2025-63651 affecting package fluent-bit 3.0.6-6

A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service DoS via sending a crafted HTTP request to the server...

BIT-FLUENT-BIT-2024-26455

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/customcalyptia/calyptia.c...

CVE-2025-29477

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consumeevent...

Azure Linux 3.0 Security Update: fluent-bit / nghttp2 / nodejs / nodejs18 (CVE-2024-28182)

The version of fluent-bit / nghttp2 / nodejs / nodejs18 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-28182 advisory. - nghttp2 is an implementation of the Hypertext Transfer Protocol version 2 ...

PT-2024-21382 · Unknown · Fluent-Bit

Name of the Vulnerable Software and Affected Versions: fluent-bit version 2.2.2 Description: The issue is a Use-After-Free vulnerability located in the /fluent-bit/plugins/custom calyptia/calyptia.c file. Recommendations: For fluent-bit version 2.2.2, consider disabling the custom calyptia plugin...