Vulnerabilities > CVE-2021-27186 - NULL Pointer Dereference vulnerability in Treasuredata Fluent BIT 1.6.10

047910
CVSS 5.0 - MEDIUM
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
NONE
Integrity impact
NONE
Availability impact
PARTIAL
network
low complexity
treasuredata
CWE-476
NVD
Published: 2021-02-10
Updated: 2021-02-16

Summary

Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.

Vulnerable Configurations

Part Description Count
Application
Treasuredata
1

Common Weakness Enumeration (CWE)

References