Lucene search
K
TreasuredataFluent Bit

18 matches found

CVE
CVE
added 2024/02/26 12:0 a.m.4227 views

CVE-2024-26455

Converging evidence from multiple sources confirms CVE-2024-26455 affects fluent-bit 2.2.2, with a Use-After-Free in /fluent-bit/plugins/custom_calyptia/calyptia.c. The underlying issue is a post-release Use-After-Free vulnerability in that file, leading to an impact on availability (CVSS v3.1: H...

7.5CVSS6.7AI score0.00713EPSS
CVE
CVE
added 2024/05/20 12:6 p.m.483 views

CVE-2024-4323

CVE-2024-4323 is a memory corruption vulnerability in Fluent Bit caused by inadequate bounds checking in the embedded HTTP server’s trace request handling. The issue allows heap buffer overflow from copying request data without proper validation, potentially leading to Denial of Service, informat...

9.8CVSS7.5AI score0.28309EPSS
CVE
CVE
added 2021/07/01 2:50 a.m.88 views

CVE-2021-36088

CVE-2021-36088 affects Fluent Bit (fluent-bit) versions 1.7.0–1.7.4. The root cause is a double free in flb_free (called from flb_parser_json_do and flb_parser_do ). CVSS data in connected sources indicate a high/critical impact with network access and no authentication required, affecting confid...

9.8CVSS9.5AI score0.02384EPSS
CVE
CVE
added 2024/03/26 12:0 a.m.83 views

CVE-2024-23722

Fluent Bit 2.1.8–2.2.1 is vulnerable to a NULL pointer dereference triggered by an invalid HTTP payload with content-type x-www-form-urlencoded, causing a crash and log delivery disruption. Affected versions and impact are stated in multiple sources; remediation is to upgrade Fluent Bit to a vers...

7.5CVSS6.5AI score0.00944EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.82 views

CVE-2024-50608

Fluent Bit 3.1.9 is affected by CVE-2024-50608 (Prometheus Remote Write input) and CVE-2024-50609 (OpenTelemetry input). In both cases, sending a crafted HTTP request with Content-Length: 0 triggers a NULL pointer dereference in the server (via cfl_sds_len) and can cause remote DoS. Connected adv...

7.5CVSS7.3AI score0.01037EPSS
CVE
CVE
added 2025/02/18 12:0 a.m.81 views

CVE-2024-50609

Fluent Bit 3.1.9 is affected by CVE-2024-50609 via the OpenTelemetry input plugin. A packet with Content-Length: 0 can trigger a NULL pointer dereference in opentelemetry_prot.c (process_payload_traces_proto_ng), causing a remote denial of service when the endpoint is reachable. The issue is spec...

7.5CVSS7.2AI score0.01037EPSS
CVE
CVE
added 2021/01/03 6:15 p.m.74 views

CVE-2020-35963

Vulnerability : Fluent Bit

7.8CVSS7.6AI score0.0131EPSS
CVE
CVE
added 2021/02/10 9:24 p.m.59 views

CVE-2021-27186

Fluent Bit 1.6.10 is affected by CVE-2021-27186 due to a NULL pointer dereference caused by an unvalidated flb_malloc return in flb_avro.c or in the HTTP server endpoint at http_server/api/v1/metrics.c. This vulnerability can lead to a crash; exploitation details or active exploit status are not ...

7.5CVSS7.5AI score0.01987EPSS
CVE
CVE
added 2025/04/04 12:0 a.m.58 views

CVE-2025-29477

Fluent Bit v3.7.2 is affected by a local-privilege DoS in the consume_event function. The CVSSv3.1 base score is 5.5 (MEDIUM); impact is confidentiality/ integrity low, availability high. Some sources note no published mitigation; PT-Security suggests temporarily disabling the consume_event funct...

5.5CVSS6.3AI score0.0017EPSS
CVE
CVE
added 2025/04/07 12:0 a.m.50 views

CVE-2025-29478

Fluent Bit 3.7.2 is affected by CVE-2025-29478. A local attacker can trigger a denial of service via the cfl_list_size in cfl_list.h:165. The issue is documented across multiple sources; no official patch details are provided in these documents. A PTSecurity advisory notes a possible temporary wo...

5.5CVSS6.8AI score0.0019EPSS
CVE
CVE
added 2023/04/11 12:0 a.m.44 views

CVE-2021-46878

Treasure Data Fluent Bit 1.7.1 is affected. The vulnerability stems from an error in flb_pack_msgpack_to_json_format that causes type confusion by interpreting stack data as msgpack maps/arrays, leading to use-after-free. This could allow an attacker to craft a specially crafted file and trigger ...

7.8CVSS7.8AI score0.0035EPSS
CVE
CVE
added 2019/03/13 7:0 p.m.40 views

CVE-2019-9749

The CVE-2019-9749 entry pertains to Fluent Bit’s MQTT input plugin (up to version 1.0.4) when acting as an MQTT broker. The root cause is in mqtt_packet_drop (plugins/in_mqtt/mqtt_prot.c): after processing a crafted packet, memmove() is invoked with a negative size, causing a crash of the Fluent ...

7.5CVSS7.3AI score0.01657EPSS
CVE
CVE
added 2023/04/11 12:0 a.m.40 views

CVE-2021-46879

The CVE-2021-46879 issue affects Treasure Data Fluent Bit 1.7.1. A wrong variable is used when reading msgpack data, causing a heap overflow in flb_msgpack_gelf_value_ext. This can be triggered by a crafted file opened with Fluent Bit, potentially allowing arbitrary code execution on the target s...

7.8CVSS8AI score0.0038EPSS
CVE
CVE
added 2025/11/24 2:39 p.m.38 views

CVE-2025-12970

The CVE-2025-12970 detail describes a vulnerability in Fluent Bit: the extract_name function in the in_docker input plugin copies container names into a fixed-size stack buffer without validating length, allowing an attacker who can create or name containers to supply a long name that overflows t...

8.8CVSS7.6AI score0.00788EPSS
CVE
CVE
added 2025/11/24 2:41 p.m.32 views

CVE-2025-12969

CVE-2025-12969 affects Fluent Bit, specifically the in_forward input plugin. The issue allows remote attackers with network access to bypass the security.users authentication under certain configurations, enabling unauthenticated data to be sent to the forward input. This can lead to forged log r...

6.5CVSS6.8AI score0.00555EPSS
CVE
CVE
added 2025/11/24 2:40 p.m.28 views

CVE-2025-12972

CVE-2025-12972 affects Fluent Bit, specifically the out_file plugin. When the File option is omitted, untrusted tag input is used to build output file paths, and tags containing path traversal sequences can cause files to be written outside the intended directory. This may enable unauthorized fil...

5.3CVSS6.5AI score0.00651EPSS
CVE
CVE
added 2025/11/24 2:40 p.m.26 views

CVE-2025-12977

Fluent Bit vulnerability CVE-2025-12977 affects the in_http, in_splunk, and in_elasticsearch input plugins. The root cause is improper sanitization of tag_key inputs, allowing special characters (e.g., newlines, ../) to be treated as valid tags. This can lead to newline injection, path traversal,...

9.1CVSS6.6AI score0.00632EPSS
CVE
CVE
added 2025/11/24 2:42 p.m.19 views

CVE-2025-12978

Fluent Bit’s input plugins in_http, in_splunk, and in_elasticsearch have a flaw in tag_key validation that does not enforce exact key-length matching. This lets crafted tag prefixes be treated as full matches, enabling a remote attacker with access to those endpoints to manipulate tags and redire...

5.4CVSS6.7AI score0.00341EPSS