OSV-2020-2117

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2020-2117.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2020-2117
Published
2020-11-02T00:00:07.716307Z
Modified
2022-04-13T03:33:04.306630Z
Summary
Heap-buffer-overflow in flb_msgpack_gelf_value_ext
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26851

Crash type: Heap-buffer-overflow READ 1
Crash state:
flb_msgpack_gelf_value_ext
flb_msgpack_to_gelf
flb_msgpack_raw_to_gelf
References

Affected packages

OSS-Fuzz / fluent-bit

Package

Name
fluent-bit
Purl
pkg:generic/fluent-bit

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluent-bit/
Events
Introduced
d95ea655478ab9b0e97312ad80ac1da591ce7aaa
Fixed
9a3bd47ec6121492e2c5e37ca14f5827bb7d6db2
Introduced
aea2b787028482a159de615fe9a891deb19cb8dc
Fixed
13ea5bcdeac5e8e84c9d0e51e357fd05d15d4a3d
Fixed
e0aed4a1422c30b038f5f51db950c3c5ab0cf2a9
Fixed
8e32391ba4ea8bcde66ae7cba894171837442a1b

Affected versions

v1.*

v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.0-rc6
v1.7.0-rc7
v1.7.0-rc8
v1.7.0-rc9
v1.7.1

Ecosystem specific 

{
    "severity": "MEDIUM",
    "introduced_range": "9643eebeba6bddd31978783cbbfb1686c93d8e24:1b262cebff01a2d54c7dab8ff5d3d8e340faed30"
}

Database specific 

{
    "fixed_range": "7114027056f78ff24e255f9f5ae72765b79aad45:13ea5bcdeac5e8e84c9d0e51e357fd05d15d4a3d"
}