CVE-2021-27186

CVE-2021-27186

EPSS 2.0%

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

Produtos afetados

Quer saber se a sua infraestrutura está exposta a isto?

Falar com a TrueHacking →

Referências

https://github.com/fluent/fluent-bit/issues/3044 https://github.com/fluent/fluent-bit/pull/3045 https://github.com/fluent/fluent-bit/pull/3047