Filtered by vendor Treasuredata
Subscribe
Total
4 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2019-9749 | 1 Treasuredata | 1 Fluent Bit | 2021-07-21 | 5.0 MEDIUM | 7.5 HIGH |
| An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal. | |||||
| CVE-2021-36088 | 1 Treasuredata | 1 Fluent Bit | 2021-07-08 | 7.5 HIGH | 9.8 CRITICAL |
| Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). | |||||
| CVE-2021-27186 | 1 Treasuredata | 1 Fluent Bit | 2021-02-16 | 5.0 MEDIUM | 7.5 HIGH |
| Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | |||||
| CVE-2020-35963 | 2 Linux, Treasuredata | 2 Linux Kernel, Fluent Bit | 2021-01-08 | 6.8 MEDIUM | 7.8 HIGH |
| flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. | |||||