18 matches found
CVE-2024-26455
Converging evidence from multiple sources confirms CVE-2024-26455 affects fluent-bit 2.2.2, with a Use-After-Free in /fluent-bit/plugins/custom_calyptia/calyptia.c. The underlying issue is a post-release Use-After-Free vulnerability in that file, leading to an impact on availability (CVSS v3.1: H...
CVE-2024-4323
CVE-2024-4323 is a memory corruption vulnerability in Fluent Bit caused by inadequate bounds checking in the embedded HTTP server’s trace request handling. The issue allows heap buffer overflow from copying request data without proper validation, potentially leading to Denial of Service, informat...
CVE-2021-36088
CVE-2021-36088 affects Fluent Bit (fluent-bit) versions 1.7.0–1.7.4. The root cause is a double free in flb_free (called from flb_parser_json_do and flb_parser_do ). CVSS data in connected sources indicate a high/critical impact with network access and no authentication required, affecting confid...
CVE-2024-23722
Fluent Bit 2.1.8–2.2.1 is vulnerable to a NULL pointer dereference triggered by an invalid HTTP payload with content-type x-www-form-urlencoded, causing a crash and log delivery disruption. Affected versions and impact are stated in multiple sources; remediation is to upgrade Fluent Bit to a vers...
CVE-2024-50608
Fluent Bit 3.1.9 is affected by CVE-2024-50608 (Prometheus Remote Write input) and CVE-2024-50609 (OpenTelemetry input). In both cases, sending a crafted HTTP request with Content-Length: 0 triggers a NULL pointer dereference in the server (via cfl_sds_len) and can cause remote DoS. Connected adv...
CVE-2024-50609
Fluent Bit 3.1.9 is affected by CVE-2024-50609 via the OpenTelemetry input plugin. A packet with Content-Length: 0 can trigger a NULL pointer dereference in opentelemetry_prot.c (process_payload_traces_proto_ng), causing a remote denial of service when the endpoint is reachable. The issue is spec...
CVE-2020-35963
Vulnerability : Fluent Bit
CVE-2021-27186
Fluent Bit 1.6.10 is affected by CVE-2021-27186 due to a NULL pointer dereference caused by an unvalidated flb_malloc return in flb_avro.c or in the HTTP server endpoint at http_server/api/v1/metrics.c. This vulnerability can lead to a crash; exploitation details or active exploit status are not ...
CVE-2025-29477
Fluent Bit v3.7.2 is affected by a local-privilege DoS in the consume_event function. The CVSSv3.1 base score is 5.5 (MEDIUM); impact is confidentiality/ integrity low, availability high. Some sources note no published mitigation; PT-Security suggests temporarily disabling the consume_event funct...
CVE-2025-29478
Fluent Bit 3.7.2 is affected by CVE-2025-29478. A local attacker can trigger a denial of service via the cfl_list_size in cfl_list.h:165. The issue is documented across multiple sources; no official patch details are provided in these documents. A PTSecurity advisory notes a possible temporary wo...
CVE-2021-46878
Treasure Data Fluent Bit 1.7.1 is affected. The vulnerability stems from an error in flb_pack_msgpack_to_json_format that causes type confusion by interpreting stack data as msgpack maps/arrays, leading to use-after-free. This could allow an attacker to craft a specially crafted file and trigger ...
CVE-2019-9749
The CVE-2019-9749 entry pertains to Fluent Bit’s MQTT input plugin (up to version 1.0.4) when acting as an MQTT broker. The root cause is in mqtt_packet_drop (plugins/in_mqtt/mqtt_prot.c): after processing a crafted packet, memmove() is invoked with a negative size, causing a crash of the Fluent ...
CVE-2021-46879
The CVE-2021-46879 issue affects Treasure Data Fluent Bit 1.7.1. A wrong variable is used when reading msgpack data, causing a heap overflow in flb_msgpack_gelf_value_ext. This can be triggered by a crafted file opened with Fluent Bit, potentially allowing arbitrary code execution on the target s...
CVE-2025-12970
The CVE-2025-12970 detail describes a vulnerability in Fluent Bit: the extract_name function in the in_docker input plugin copies container names into a fixed-size stack buffer without validating length, allowing an attacker who can create or name containers to supply a long name that overflows t...
CVE-2025-12969
CVE-2025-12969 affects Fluent Bit, specifically the in_forward input plugin. The issue allows remote attackers with network access to bypass the security.users authentication under certain configurations, enabling unauthenticated data to be sent to the forward input. This can lead to forged log r...
CVE-2025-12972
CVE-2025-12972 affects Fluent Bit, specifically the out_file plugin. When the File option is omitted, untrusted tag input is used to build output file paths, and tags containing path traversal sequences can cause files to be written outside the intended directory. This may enable unauthorized fil...
CVE-2025-12977
Fluent Bit vulnerability CVE-2025-12977 affects the in_http, in_splunk, and in_elasticsearch input plugins. The root cause is improper sanitization of tag_key inputs, allowing special characters (e.g., newlines, ../) to be treated as valid tags. This can lead to newline injection, path traversal,...
CVE-2025-12978
Fluent Bit’s input plugins in_http, in_splunk, and in_elasticsearch have a flaw in tag_key validation that does not enforce exact key-length matching. This lets crafted tag prefixes be treated as full matches, enabling a remote attacker with access to those endpoints to manipulate tags and redire...