The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.
oryginał ENCVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HTreasuredata Fluent Bit
APPTreasuredata4.1.0
Powiązane podatności
Fluent Bit: brak sanityzacji tag_key umożliwia path traversal i wstrzyknięcie danych
Krytyczna podatność memory corruption w Fluent Bit — RCE i ujawnienie danych
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do ...
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on a...
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and list...