CVE-2021-46878
https://notcve.org/view.php?id=CVE-2021-46878
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to a use-after-free. An attacker can craft a specially crafted file and trick the victim into opening it with the affected software, triggering the use-after-free and executing arbitrary code on the target system. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27742 https://github.com/fluent/fluent-bit/pull/3115 • CWE-843: Access of Resource Using Incompatible Type ('Type Confusion') •
CVE-2021-46879
https://notcve.org/view.php?id=CVE-2021-46879
An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening the file with the software, triggering a heap overflow and executing arbitrary code on the target system. • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26851 https://github.com/fluent/fluent-bit/pull/3100 • CWE-787: Out-of-bounds Write •
CVE-2021-36088
https://notcve.org/view.php?id=CVE-2021-36088
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do). • https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33750 https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54 https://github.com/fluent/fluent-bit/pull/3453 https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2021-702.yaml • CWE-415: Double Free •