Vulnerabilities > Treasuredata > High
| DATE | CVE | VULNERABILITY TITLE | RISK |
|---|---|---|---|
| 2023-04-11 | CVE-2021-46878 | Type Confusion vulnerability in Treasuredata Fluent BIT 1.7.1 An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. | 7.8 |
| 2023-04-11 | CVE-2021-46879 | Out-of-bounds Write vulnerability in Treasuredata Fluent BIT 1.7.1 An issue was discovered in Treasure Data Fluent Bit 1.7.1, a wrong variable is used to get the msgpack data resulting in a heap overflow in flb_msgpack_gelf_value_ext. | 7.8 |
| 2021-02-10 | CVE-2021-27186 | NULL Pointer Dereference vulnerability in Treasuredata Fluent BIT 1.6.10 Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c. | 7.5 |
| 2021-01-03 | CVE-2020-35963 | Out-of-bounds Write vulnerability in Treasuredata Fluent BIT flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion. | 7.8 |
| 2019-03-13 | CVE-2019-9749 | Incorrect Conversion between Numeric Types vulnerability in Treasuredata Fluent BIT An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. | 7.5 |