Davkor

**Name of the Vulnerable Software and Affected Versions** Treasure Data Fluent Bit version 1.7.1 **Description** An issue was discovered in Treasure Data Fluent Bit, where erroneous parsing in `flb pack msgpack to json format` leads to a type confusion bug. This bug interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. An attacker can craft a specially crafted file and trick the victim into opening it using the affected software, triggering use-after-free and executing arbitrary code on the target system. **Recommendations** For Treasure Data Fluent Bit version 1.7.1, consider disabling the `flb pack msgpack to json format` function until a patch is available to prevent exploitation. Restrict access to potentially vulnerable files to minimize the risk of triggering the use-after-free bug. At the moment, there is no information about a newer version that contains a fix for this vulnerability.