Описание
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system.
Ссылки
- ExploitIssue TrackingPatchThird Party Advisory
- Patch
- ExploitIssue TrackingPatchThird Party Advisory
- Patch
Уязвимые конфигурации
Конфигурация 1
cpe:2.3:a:treasuredata:fluent_bit:1.7.1:*:*:*:*:*:*:*
EPSS
Процентиль: 8%
0.00029
Низкий
7.8 High
CVSS3
Дефекты
CWE-787
CWE-787
Связанные уязвимости
CVSS3: 7.8
github
почти 3 года назад
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and tick the victim to open the file with the software, triggering a heap overflow and execute arbitrary code on the target system.
EPSS
Процентиль: 8%
0.00029
Низкий
7.8 High
CVSS3
Дефекты
CWE-787
CWE-787