OSV-2021-855

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2021-855.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2021-855

Published

2021-06-14T00:00:18.084172Z

Modified

2023-04-20T22:43:29.858337Z

Summary

Heap-buffer-overflow in mk_rconf_read

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35185

Crash type: Heap-buffer-overflow READ 1
Crash state:
mk_rconf_read
mk_rconf_open
flb_parser_conf_file

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=35185

Affected packages

OSS-Fuzz / fluent-bit

Package

Name: fluent-bit
Purl: pkg:generic/fluent-bit

Affected ranges

Type: GIT
Repo: https://github.com/fluent/fluent-bit/
Events: Introduced

8f653c34c0dd46c39e2a5ebf9ff3fe9ec932fc4f

Introduced

ed82460da17f5a029df74503d3a5f8f69d29d3ea

Fixed

1c3811ba12bf924a96c916e2409a0d41c336debf

Affected versions

1.*

1.8.9-dev-6b56f51

Other

20220215

unstable-leonardo-cio-log-poc

tiger-1.*

tiger-1.8.15-20221123

tiger-1.8.15-20221220

tiger-1.8.15-20230223

tiger-1.8.15-20230329

unstable-1.*

unstable-1.8

v1.*

v1.8.0

v1.8.0-rc1

v1.8.1

v1.8.10

v1.8.11

v1.8.12

v1.8.13

v1.8.14

v1.8.15

v1.8.2

v1.8.3

v1.8.4

v1.8.5

v1.8.6

v1.8.7

v1.8.8

v1.8.9

v1.8.9-dev-6b56f51

Ecosystem specific

{
    "severity": "MEDIUM"
}