Treasuredata Fluent Bit

9 matches found

added 2024/02/26 6:15 p.m. | 4204 views

CVE-2024-26455

fluent-bit 2.2.2 contains a Use-After-Free vulnerability in /fluent-bit/plugins/custom_calyptia/calyptia.c.

CVSS 7.5 | AI score 6.7 | EPSS 0.00093

added 2025/02/18 6:15 p.m. | 64 views

CVE-2024-50608

An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to...

CVSS 7.5 | AI score 7.3 | EPSS 0.003

added 2025/02/18 6:15 p.m. | 64 views

CVE-2024-50609

An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpo...

CVSS 7.5 | AI score 7.2 | EPSS 0.003

added 2021/01/03 7:15 p.m. | 61 views

CVE-2020-35963

flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.

CVSS 7.8 | AI score 7.6 | EPSS 0.00376

added 2024/03/26 3:15 p.m. | 55 views

CVE-2024-23722

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

CVSS 7.5 | AI score 6.5 | EPSS 0.00672

added 2021/02/10 10:15 p.m. | 39 views

CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

CVSS 7.5 | AI score 7.5 | EPSS 0.00409

added 2019/03/13 7:29 p.m. | 27 views

CVE-2019-9749

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove()...

CVSS 7.5 | AI score 7.3 | EPSS 0.00161

added 2023/04/11 6:15 p.m. | 26 views

CVE-2021-46878

An issue was discovered in Treasure Data Fluent Bit 1.7.1. Erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially crafted file...

CVSS 7.8 | AI score 7.8 | EPSS 0.00032

added 2023/04/11 6:15 p.m. | 23 views

CVE-2021-46879

An issue was discovered in Treasure Data Fluent Bit 1.7.1. A wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and execu...

CVSS 7.8 | AI score 8 | EPSS 0.00022