PT-2020-5656 · Fluent Bit · Fluent-Bit

Published

2020-11-07

Updated

2024-03-06

CVE-2020-35963

CVSS v3.1

7.8

High

Vector

AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Fluent Bit versions prior to 1.6.4

Description The issue is related to the flb gzip compress function in Fluent Bit, which has an out-of-bounds write due to incorrect calculation of the maximum gzip data-size expansion. This could allow a remote attacker to cause a denial of service.

Recommendations For versions prior to 1.6.4, update to version 1.6.4 or later to resolve the issue. As a temporary workaround, consider disabling the flb gzip compress function until a patch is available.

Exploit

Fix

Memory Corruption

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-787

Related Identifiers

BDU:2021-01356

BIT-FLUENT-BIT-2020-35963

CVE-2020-35963

Affected Products

Fluent-Bit

PT-2020-5656 · Fluent Bit · Fluent-Bit

CVE-2020-35963

Weakness Enumeration

Related Identifiers

Affected Products

References · 11