CVE-2021-27186

CVE-2021-27186

EPSS 2.0%

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

Affected products

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →

References

https://github.com/fluent/fluent-bit/issues/3044 https://github.com/fluent/fluent-bit/pull/3045 https://github.com/fluent/fluent-bit/pull/3047