Published on: Not Yet Published
Last Modified on: 04/26/2023 01:42:00 PM UTC
CVE-2021-46878Source: Mitre Source: NIST CVE.ORG Print: PDF
Certain versions of Fluent Bit from Treasuredata contain the following vulnerability:
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system.
- CVE-2021-46878 has been assigned by [email protected] to track the vulnerability - currently rated as HIGH severity.
CVSS3 Score: 7.8 - HIGH
|27742 - oss-fuzz - OSS-Fuzz: Fuzzing the planet - Monorail|| bugs.chromium.org |
|pack: fix type confusion bugs. Amongst other OSS-Fuzz 5136174263566336 by DavidKorczynski · Pull Request #3115 · fluent/fluent-bit · GitHub|| github.com |
Related QID Numbers
- 906882 Common Base Linux Mariner (CBL-Mariner) Security Update for fluent-bit (26125-1)
Known Affected Configurations (CPE V2.3)
No vendor comments have been submitted for this CVE
|@CVEreport||CVE-2021-46878 : An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_t… twitter.com/i/web/status/1…||2023-04-11 18:11:08|
|@Robo_Alerts||Potentially Critical CVE Detected! CVE-2021-46878 An issue was discovered in Treasure Data Fluent Bit 1.7.1, errone… twitter.com/i/web/status/1…||2023-04-11 19:11:01|