OSV-2023-685

See a problem?

Import Source

https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2023-685.yaml

JSON Data

https://api.osv.dev/v1/vulns/OSV-2023-685

Published

2023-08-11T14:02:10.018940Z

Modified

2024-09-01T14:21:29.336035Z

Summary

Invalid-free in reset_context

Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61339

Crash type: Invalid-free
Crash state:
reset_context
cmt_decode_prometheus_create
cmetrics_decode_fuzz.c

References

https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=61339

Affected packages

OSS-Fuzz / fluent-bit

Package

Name: fluent-bit
Purl: pkg:generic/fluent-bit

Affected ranges

Type: GIT
Repo: https://github.com/fluent/fluent-bit/
Events: Introduced

3c7cfed0fbd446a55a7e7e5889b9a43147405c4d

Introduced

6f54e3d7d64bd6a03b5affea609bd285e3d7c1c2

Fixed

fe43ed120ce9c2612f75cca4424150c1b15690d5

Fixed

2beca980f55714f669b6605f6b110e25522c1dbc

Affected versions

v2.*

v2.1.10

v2.1.5

v2.1.5-windows-artifact-fix

v2.1.6

v2.1.7

v2.1.8

v2.1.9

v2.2.0

v2.2.1

v2.2.2

v2.2.3

v3.*

v3.0.0

v3.0.1

v3.0.2

v3.0.3

v3.0.4

v3.0.5

v3.0.6

v3.0.7

v3.1.0

v3.1.1

v3.1.2

v3.1.3

v3.1.4

v3.1.5

v3.1.6

Ecosystem specific

{
    "severity": "HIGH"
}