OSV-2020-2233

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2020-2233.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2020-2233
Published
2020-12-04T00:01:24.065614Z
Modified
2022-04-13T03:36:15.406207Z
Summary
Heap-buffer-overflow in flb_sds_cat_utf8
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28222

Crash type: Heap-buffer-overflow READ 1
Crash state:
flb_sds_cat_utf8
flb_msgpack_gelf_value
flb_msgpack_to_gelf
References

Affected packages

OSS-Fuzz / fluent-bit

Package

Name
fluent-bit
Purl
pkg:generic/fluent-bit

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluent-bit/
Events
Introduced
d62166140fab2faa5307d871957dbac16bc08dc2
Fixed
4c1de376612bb0665bc0c1e3c4b03790a949ac3f
Fixed
9d21819b331e62c80bd3a946d48ae3fffe3d8809

Affected versions

v1.*

v1.6.0
v1.6.1
v1.6.10
v1.6.2
v1.6.3
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.0-rc6
v1.7.0-rc7
v1.7.0-rc8
v1.7.0-rc9
v1.7.1

Ecosystem specific 

{
    "severity": "MEDIUM"
}