Vulnerabilities > Treasuredata

DATE CVE VULNERABILITY TITLE RISK
2023-04-11 CVE-2021-46878 Type Confusion vulnerability in Treasuredata Fluent BIT 1.7.1
An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free.
local
low complexity
treasuredata CWE-843
7.8
2023-04-11 CVE-2021-46879 Out-of-bounds Write vulnerability in Treasuredata Fluent BIT 1.7.1
An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext.
local
low complexity
treasuredata CWE-787
7.8
2021-07-01 CVE-2021-36088 Double Free vulnerability in Treasuredata Fluent BIT 1.7.0
Fluent Bit (aka fluent-bit) 1.7.0 through 1.7,4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).
network
low complexity
treasuredata CWE-415
7.5
2021-02-10 CVE-2021-27186 NULL Pointer Dereference vulnerability in Treasuredata Fluent BIT 1.6.10
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.
network
low complexity
treasuredata CWE-476
5.0
2021-01-03 CVE-2020-35963 Out-of-bounds Write vulnerability in Treasuredata Fluent BIT
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
6.8
2019-03-13 CVE-2019-9749 Improper Input Validation vulnerability in Treasuredata Fluent BIT
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4.
network
low complexity
treasuredata CWE-20
5.0