CVE-2021-27186

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.
References
Link Resource
https://github.com/fluent/fluent-bit/issues/3044 Exploit Third Party Advisory
https://github.com/fluent/fluent-bit/pull/3045 Exploit Patch Third Party Advisory
https://github.com/fluent/fluent-bit/pull/3047 Patch Third Party Advisory
Advertisement

NeevaHost hosting service

Configurations

Configuration 1 (hide)

cpe:2.3:a:treasuredata:fluent_bit:1.6.10:*:*:*:*:*:*:*

Information

Published : 2021-02-10 14:15

Updated : 2021-02-16 12:42


NVD link : CVE-2021-27186

Mitre link : CVE-2021-27186


JSON object : View

CWE
CWE-476

NULL Pointer Dereference

Advertisement

dedicated server usa

Products Affected

treasuredata

  • fluent_bit