23 matches found
EUVD-2021-33528
Malicious code in bioql PyPI...
EUVD-2021-33529
Malicious code in bioql PyPI...
BIT-FLUENT-BIT-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...
BIT-FLUENT-BIT-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and execute...
GHSA-5MP4-32RR-V3X5 Absolute path traversal vulnerability in digdag server
Summary: Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. Impact: This issue may lead to Information Disclosure...
CVE-2024-25125 Absolute path traversal vulnerability in digdag server
Digdag is an open source tool used to build, run, schedule, and monitor complex pipelines of tasks across various platforms. Treasure Data's digdag workload automation system is susceptible to a path traversal vulnerability if it's configured to store log files locally. This issue may lead to...
Digdag Path Traversal Vulnerability
Digdag is an open source tool for building, running, scheduling and monitoring complex task pipelines across a variety of platforms. A path traversal vulnerability exists in Digdag versions prior to 0.10.5.1, which stems from the fact that the digdag workload automation system in Treasure Data is...
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and executing arbitrary code on the target system.
...
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file and trick the victim into opening it using the affected software, triggering use-after-free and executing arbitrary code on the target system.
...
CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and execute...
CVE-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...
CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and execute...
CVE-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...
Type confusion
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...
PT-2023-12598 · Treasure Data · Treasure Data Fluent Bit
Name of the Vulnerable Software and Affected Versions: Treasure Data Fluent Bit version 1.7.1 Description: An issue was discovered in Treasure Data Fluent Bit, where erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug. This bug interprets whatever is on the stack as...
CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and execute...
CVE-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file an...
CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and execute...
Fluent Bit Security Vulnerability
Fluent Bit is an open source log processing and analyzing system written in C. A security vulnerability exists in Treasure Data Fluent Bit version 1.7.1, which stems from the presence of a type confusion error that leads to use-after-free and can be exploited by an attacker to execute...
PT-2023-12599 · Treasure Data · Treasure Data Fluent Bit
Name of the Vulnerable Software and Affected Versions: Treasure Data Fluent Bit version 1.7.1 Description: An issue was discovered in Treasure Data Fluent Bit, where a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft...