Fluent Bit@* Security Vulnerabilities and Issues — Fluent Bit@* CVE List

Lucene search

TreasuredataFluent Bit*

5 matches found

CVE•added 2024/05/20 12:15 p.m.•397 views

CVE-2024-4323

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

9.8CVSS7.5AI score0.79061EPSS

CVE•added 2021/07/01 3:15 a.m.•75 views

CVE-2021-36088

Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).

9.8CVSS9.5AI score0.0051EPSS

CVE•added 2021/01/03 7:15 p.m.•61 views

CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.

7.8CVSS7.6AI score0.00376EPSS

CVE•added 2024/03/26 3:15 p.m.•55 views

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

7.5CVSS6.5AI score0.00672EPSS

CVE•added 2019/03/13 7:29 p.m.•27 views

CVE-2019-9749

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove()...

7.5CVSS7.3AI score0.00161EPSS