RSS   Podatności dla 'Fluent bit'   RSS

2021-07-01
 
CVE-2021-36088

CWE-415
 

 
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).

 
2021-02-10
 
CVE-2021-27186

CWE-476
 

 
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

 
2019-03-13
 
CVE-2019-9749

CWE-20
 

 
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.

 


Copyright 2024, cxsecurity.com

 

Back to Top