Treasuredata Security Vulnerabilities

CVE-2021-36088

Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and...

9.8 CVSS

9.5 AI Score

0.005 EPSS

2021-07-01 03:15 AM

CVE-2021-46879

An issue was discovered in Treasure Data Fluent Bit 1.7.1. A wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim to open the file with the software, triggering a heap overflow and...

7.8 CVSS

8 AI Score

0.001 EPSS

2023-04-11 06:15 PM

CVE-2021-46878

An issue was discovered in Treasure Data Fluent Bit 1.7.1. Erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft...

7.8 CVSS

7.8 AI Score

0.001 EPSS

2023-04-11 06:15 PM

CVE-2019-9749

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the...

7.5 CVSS

7.3 AI Score

0.001 EPSS

2022-10-03 04:19 PM

CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or...

7.5 CVSS

7.5 AI Score

0.002 EPSS

2021-02-10 10:15 PM

CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size...

7.8 CVSS

7.6 AI Score

0.002 EPSS

2021-01-03 07:15 PM