OSV-2020-2242

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2020-2242.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2020-2242
Published
2020-12-05T00:00:50.659183Z
Modified
2022-04-13T03:38:11.059900Z
Summary
Heap-buffer-overflow in tinfl_decompress
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=28285

Crash type: Heap-buffer-overflow READ 1
Crash state:
tinfl_decompress
mz_inflate
flb_gzip_uncompress
References

Affected packages

OSS-Fuzz / fluent-bit

Package

Name
fluent-bit
Purl
pkg:generic/fluent-bit

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluent-bit/
Events
Introduced
7a588237fdb744e5825fb119753dcad2e8878866
Fixed
598745d7f7330c45df80a0bad7a8bae8d9e5cc32
Introduced
03ff96d82f5f51a8bea6981fc9d7e8c3429c50b1
Fixed
a1b2e285a5cb16d64eaeddc89fa2f284edc52e54

Affected versions

v1.*

v1.6.10
v1.6.4
v1.6.5
v1.6.6
v1.6.7
v1.6.8
v1.6.9
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.0-rc6
v1.7.0-rc7
v1.7.0-rc8
v1.7.0-rc9
v1.7.1

Ecosystem specific 

{
    "severity": "MEDIUM"
}