PT-2019-19841 · Fluent Bit · Fluent-Bit

Published 2019-03-13 · Updated 2021-07-21 · CVE-2019-9749

CVSS v3.1: 7.5 High

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions

Fluent Bit versions through 1.0.4

Description

An issue in the MQTT input plugin, when acting as an MQTT broker, mishandles incoming network messages. After processing a crafted packet, the mqtt packet drop function executes the memmove() function with a negative size parameter, leading to a crash of the Fluent Bit server via a SIGSEGV signal.

Recommendations

For Fluent Bit versions through 1.0.4, consider disabling the MQTT input plugin until a patch is available to prevent the server from crashing due to crafted network messages.
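
The failure mode in the Description, modelled as an added example (not Fluent Bit's code and not taken from this advisory): a signed "bytes to drop" count larger than the bytes actually buffered produces a negative memmove() size, which becomes a huge value once converted to size_t. The struct, the function names and the assumption that the size is computed as length minus drop count are hypothetical.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical connection buffer; not Fluent Bit's own structure. */
struct conn_buf {
    char data[64];
    int  len;               /* bytes currently held in data[] */
};

/* Size an unchecked drop would hand to memmove(): len - drop (assumed form). */
static int unchecked_move_size(const struct conn_buf *b, int drop)
{
    return b->len - drop;   /* negative whenever drop > len */
}

/* Checked drop: discard the first `drop` bytes, or refuse the request.
 * Returns 0 on success, -1 if the request is inconsistent with the buffer. */
static int checked_drop(struct conn_buf *b, int drop)
{
    if (b->len < 0 || b->len > (int) sizeof(b->data))
        return -1;          /* buffer state itself is corrupt */
    if (drop < 0 || drop > b->len)
        return -1;          /* would yield a negative memmove() size */
    memmove(b->data, b->data + drop, (size_t) (b->len - drop));
    b->len -= drop;
    return 0;
}

int main(void)
{
    /* Constructed input: 4 bytes buffered, packet header claims 10. */
    struct conn_buf b = { "ABCD", 4 };
    int n = unchecked_move_size(&b, 10);
    int refused = checked_drop(&b, 10);
    int accepted = checked_drop(&b, 3);

    printf("unchecked size %d becomes %zu as size_t\n", n, (size_t) n);
    printf("drop 10: %d, drop 3: %d, remaining len %d\n",
           refused, accepted, b.len);
    return 0;
}
```

A caller that receives -1 should treat the packet as malformed and close the connection rather than continue parsing.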

Related Identifiers

CVE-2019-9749

Affected Products

Fluent-Bit