Treasuredata: >> Fluent Bit >> 2.1.10 Security Vulnerabilities
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
CVSS Score
9.8
EPSS Score
0.791
Published
2024-05-20
In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.
CVSS Score
7.5
EPSS Score
0.007
Published
2024-03-26