OSV-2026-2

See a problem?
Import Source
https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2026-2.yaml
JSON Data
https://api.osv.dev/v1/vulns/OSV-2026-2
Published
2026-01-03T00:15:15.907754Z
Modified
2026-01-03T00:15:15.908130Z
Summary
Heap-buffer-overflow in cmt_mpack_consume_uint_tag
Details

OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=472785094

Crash type: Heap-buffer-overflow WRITE 8
Crash state:
cmt_mpack_consume_uint_tag
cmt_mpack_unpack_array
cmt_mpack_unpack_map
References

Affected packages

OSS-Fuzz / fluent-bit

Package

Name
fluent-bit
Purl
pkg:generic/fluent-bit

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluent-bit/
Events
Introduced
ef3f0750c741ae4586a093adf747bb77c932bec7
Fixed
d6e65fb019a28ec2b16221e2753d4e3284e06ad0

Affected versions

v4.*
v4.2.1
v4.2.2

Ecosystem specific 

{
    "severity": "HIGH"
}

Database specific

source 
"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2026-2.yaml"
introduced_range 
"ae1445463ca03bac9b46147166c0ee00993363e8:10ebd3a354f2a052ac865960145fda844b3b120e"
fixed_range 
"2d3b2338c85b85c688171bef0ef3e221dc410a51:d6e65fb019a28ec2b16221e2753d4e3284e06ad0"