30 matches found
AZL-76536 CVE-2025-63651 affecting package fluent-bit 3.1.10-4
A use-after-free in the mkstringcharsearch function mkcore/mkstring.c of monkey commit f37e984 allows attackers to cause a Denial of Service (DoS) via sending a crafted HTTP request to the server...
Azure Linux 3.0 Security Update: fluent-bit (CVE-2025-31498)
The version of fluent-bit installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-31498 advisory. - c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in...
Fluent Bit Security Vulnerability
Fluent Bit is an open source log processing and analyzing system written in C by Fluent Open Source. A security vulnerability exists in Fluent Bit that stems from a failure to properly implement the security.users authentication mechanism, which could lead to a remote attacker sending...
EUVD-2020-23546
Malware in sbrugna...
EUVD-2025-9768
Malicious code in bioql PyPI...
EUVD-2025-10313
Malicious code in bioql PyPI...
CVE-2021-36088
Fluent Bit aka fluent-bit 1.7.0 through 1.7.4 has a double free in flbfree called from flbparserjsondo and flbparserdo...
CVE-2019-9749
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker server, it mishandles incoming network messages. After processing a crafted packet, the plugin's mqttpacketdrop function in /plugins/inmqtt/mqttprot.c executes the memmove functio...
BIT-FLUENT-BIT-2024-50608
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user with access t...
CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4
CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4. A patched version of the package is available...
AZL-59742 CVE-2025-31498 affecting package fluent-bit for versions less than 3.1.9-4
c-ares is an asynchronous resolver library. From 1.32.3 through 1.34.4, there is a use-after-free in readanswers when processanswer may re-enqueue a query either due to a DNS Cookie Failure or when the upstream server does not properly support EDNS, or possibly on TCP queries if the remote closed...
PT-2025-15280
Name of the Vulnerable Software and Affected Versions: fluent-bit version 3.7.2. Description: The issue allows a local attacker to cause a denial of service via the cfl list size in cfl list.h:165. This can be exploited to disrupt the service. Recommendations: For fluent-bit version 3.7.2, as a...
CVE-2025-29477
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consumeevent. Mitigation: Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deploymen...
AZL-59586 CVE-2025-29477 affecting package fluent-bit 3.1.10-4
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consumeevent...
CVE-2025-29477
An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consumeevent...
PT-2025-15040
Name of the Vulnerable Software and Affected Versions: fluent-bit version 3.7.2. Description: The issue allows a local attacker to cause a denial of service via the consume event function. Recommendations: For fluent-bit version 3.7.2, as a temporary workaround, consider disabling the consume event...
CVE-2025-29477
Fluent Bit v3.7.2 is affected by a local-privilege DoS in the consume_event function. The CVSSv3.1 base score is 5.5 (MEDIUM); impact is confidentiality/integrity low, availability high. Some sources note no published mitigation; PT-Security suggests temporarily disabling the consume_event funct...
Fedora 41 : fluent-bit (2025-b355fdb8e5)
The remote Fedora 41 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b355fdb8e5 advisory. Update to 3.2.8 - Closes rhbz2137000 rhbz2340164 rhbz2300673 Tenable has extracted the preceding description block directly from the Fedora security advisory...
Fedora 40 : fluent-bit (2025-b2bdcfedac)
The remote Fedora 40 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-b2bdcfedac advisory. Update to 3.2.8 - Closes rhbz2137000 rhbz2340164 rhbz2300673 Tenable has extracted the preceding description block directly from the Fedora security advisory...