PT-2023-12599 · Treasure Data · Treasure Data Fluent Bit

Published: 2023-04-11 · Updated: 2025-02-11 · CVE-2021-46879

CVSS v3.1: 7.8 (High)

Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Treasure Data Fluent Bit version 1.7.1

Description

An issue was discovered in Treasure Data Fluent Bit: the wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening it with the software, triggering the heap overflow and executing arbitrary code on the target system.

Recommendations

For Treasure Data Fluent Bit version 1.7.1, consider disabling the flb_msgpack_gelf_value_ext function until a patch is available, to prevent the heap overflow and potential code execution. Restrict access to potentially malicious files to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Memory Corruption

Weakness Enumeration

Related Identifiers

BIT-FLUENT-BIT-2021-46879
CVE-2021-46879

Affected Products

Treasure Data Fluent Bit