OSV-2020-2148

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2020-2148.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2020-2148

Published

2020-11-12T00:00:05.550790Z

Modified

2022-04-13T03:36:45.802759Z

Summary

Heap-buffer-overflow in flb_gzip_compress

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27368

Crash type: Heap-buffer-overflow WRITE 1
Crash state:
flb_gzip_compress
utils_fuzzer.c

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27368

Affected packages

OSS-Fuzz / fluent-bit

Package

Name: fluent-bit
Purl: pkg:generic/fluent-bit

Affected ranges

Type: GIT
Repo: https://github.com/fluent/fluent-bit/
Events: Introduced

cadff53c093210404aed01c4cf586adb8caa07af

Fixed

df2af999105cd6c94ec8b533bcca498664b1aa16

Introduced

fe2a7dc356bd652a5c2e1137726716e5d18967c8

Affected versions

v1.*

v1.6.10

v1.6.4

v1.6.5

v1.6.6

v1.6.7

v1.6.8

v1.6.9

v1.7.0

v1.7.0-rc1

v1.7.0-rc2

v1.7.0-rc3

v1.7.0-rc4

v1.7.0-rc5

v1.7.0-rc6

v1.7.0-rc7

v1.7.0-rc8

v1.7.0-rc9

v1.7.1

v1.7.2

v1.7.3

v1.7.4

v1.7.5

v1.7.6

v1.7.7

v1.7.8

v1.7.9

Ecosystem specific

{
    "severity": "HIGH"
}