PT-2026-53006 · Rubygems · Fluent-Plugin-S3

Published: 2026-06-26 · Updated: 2026-06-26 · CVE-2026-44162

CVSS v3.1: 2.7 (Low)

Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:L
The fluent-plugin-s3 plugin (specifically the in_s3 input plugin) supports reading and decompressing compressed files (such as gzip, lzma2, and lzop) from Amazon S3. It was discovered that the plugin read the entire decompressed payload into memory at once without enforcing a strict size limit.
If an attacker has sufficient permissions to upload files to the monitored S3 bucket, they can upload a maliciously crafted, highly compressed file. When Fluentd attempts to decompress this file, it expands to an excessive size and consumes significant system resources.

Impact

This vulnerability allows a Denial of Service (DoS) attack via memory exhaustion. The rapid memory consumption during decompression can lead to an Out-of-Memory kill of the Fluentd process by the operating system. This results in the disruption of all log collection on the affected node.
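As an added illustration of the mitigation (example code written for this advisory, not fluent-plugin-s3's own): decompress gzip in fixed-size chunks and abort as soon as the running total passes a hard cap, so a small but highly compressible object can never grow past the limit in memory. The helper names, the payload builder and the cap values are assumptions.

```ruby
require 'zlib'
require 'stringio'

class DecompressedSizeExceeded < StandardError; end

# Streams +io+ (gzip data) through Zlib::GzipReader in +chunk_size+ pieces,
# yielding each chunk when a block is given. Raises DecompressedSizeExceeded
# the moment the cumulative decompressed size exceeds +max_bytes+, so memory
# use is bounded by chunk_size, not by the uploader's compression ratio.
# Returns the total decompressed size.
def bounded_gunzip(io, max_bytes:, chunk_size: 64 * 1024)
  total = 0
  Zlib::GzipReader.wrap(io) do |gz|
    while (chunk = gz.read(chunk_size))
      total += chunk.bytesize
      if total > max_bytes
        raise DecompressedSizeExceeded,
              "decompressed size exceeds the #{max_bytes}-byte limit"
      end
      yield chunk if block_given?
    end
  end
  total
end

# Constructed test input: a gzip stream of +plain_bytes+ zero bytes, which
# deflate shrinks by roughly 1000:1, the kind of ratio that makes an
# unbounded whole-payload read dangerous. Built in 1 MiB steps so the
# builder itself stays memory-frugal.
def build_compressed_zeros(plain_bytes)
  out = StringIO.new
  gz = Zlib::GzipWriter.new(out)
  zero_block = "\0".b * (1024 * 1024)
  remaining = plain_bytes
  while remaining > 0
    n = [remaining, zero_block.bytesize].min
    gz.write(zero_block.byteslice(0, n))
    remaining -= n
  end
  gz.finish # write the gzip trailer without closing the StringIO
  out.string
end

# Stand-in for reading a downloaded S3 object body (hypothetical wrapper).
def decompressed_size_of(compressed, max_bytes:)
  bounded_gunzip(StringIO.new(compressed), max_bytes: max_bytes)
end
```

With an 8 MiB payload of zeros (about 8 KiB compressed) and a 1 MiB cap, the reader raises after the first few chunks instead of allocating the full 8 MiB.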

Patches

v1.8.5

Workarounds

If an immediate upgrade is not possible, mitigate the risk by applying strict IAM access controls:
  1. Restrict Bucket Access
  • Ensure that write (PUT) access to the S3 bucket monitored by in_s3 is strictly limited to trusted services and administrators. Prevent any public or untrusted uploads to the S3 bucket.

Weakness Enumeration

Allocation of Resources Without Limits

Related identifiers

CVE-2026-44162
GHSA-XV9W-7V6Q-HPJH

Affected products

Fluent-Plugin-S3