CVE-2021-27186

CVE-2021-27186

EPSS 2.0%

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

Productos afectados

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →

Referencias

https://github.com/fluent/fluent-bit/issues/3044 https://github.com/fluent/fluent-bit/pull/3045 https://github.com/fluent/fluent-bit/pull/3047