Description
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) calls memmove() with a size computed as a negative signed integer; because memmove() takes a size_t, the negative value converts to a very large unsigned length (CWE-681), memmove() reads far past the connection buffer, and the whole Fluent Bit server crashes with SIGSEGV. An unauthenticated remote client able to reach the broker port can trigger the crash (denial of service).
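The following is an added illustration of the bug class described above; it is not Fluent Bit's code and does not reproduce the exact trigger in mqtt_prot.c. It models a broker-side "drop the packet we just processed" routine: the packet length is derived from the attacker-controlled MQTT fixed header (the Remaining Length varint), subtracted from the number of buffered bytes as an int, and handed to memmove()'s size_t parameter. The struct, field names and function names are hypothetical; the sample bytes are constructed for the example.

```c
#include <limits.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Hypothetical connection state; not Fluent Bit's struct mqtt_conn. */
struct conn {
    unsigned char buf[BUF_SIZE];
    int buf_len;                 /* bytes currently buffered */
};

/* Decode the MQTT fixed-header "Remaining Length" varint (1..4 bytes, 7 data
 * bits each, continuation bit 0x80). Returns bytes consumed, or -1 if the
 * field is malformed or truncated. */
int mqtt_remaining_length(const unsigned char *p, int avail, uint32_t *out)
{
    uint32_t value = 0, mult = 1;
    int i = 0;
    do {
        if (i >= avail || i >= 4)
            return -1;
        value += (uint32_t)(p[i] & 0x7f) * mult;
        mult *= 128;
    } while (p[i++] & 0x80);
    *out = value;
    return i;
}

/* Total on-the-wire length of the packet at the start of buf: 1 control byte
 * + varint bytes + Remaining Length. -1 if the header itself is incomplete. */
int mqtt_packet_total_len(const unsigned char *buf, int buf_len)
{
    uint32_t remaining;
    int n;
    if (buf_len < 2)
        return -1;
    n = mqtt_remaining_length(buf + 1, buf_len - 1, &remaining);
    if (n < 0)
        return -1;
    return 1 + n + (int)remaining;   /* remaining <= 268435455, fits an int */
}

/* The vulnerable pattern: the move size is computed as a signed int and passed
 * to memmove's size_t parameter without checking that the claimed packet fits
 * in the buffer. When packet_len > buf_len the int is negative and converts to
 * a value near SIZE_MAX (CWE-681); memmove then reads past the buffer and the
 * process dies with SIGSEGV. This helper only returns the size that would be
 * passed, so it is safe to call. */
size_t vulnerable_move_size(int buf_len, int packet_len)
{
    int move_bytes = buf_len - packet_len;
    return (size_t)move_bytes;        /* the implicit conversion memmove performs */
}

/* Hardened drop: validate the header-derived length against the bytes actually
 * held before calling memmove. Returns 0 on success, -1 if the packet is
 * incomplete or inconsistent (caller waits for more data or closes the client). */
int safe_packet_drop(struct conn *c)
{
    int packet_len = mqtt_packet_total_len(c->buf, c->buf_len);
    if (packet_len < 0 || packet_len > c->buf_len)
        return -1;
    if (packet_len == c->buf_len) {
        c->buf_len = 0;
        return 0;
    }
    memmove(c->buf, c->buf + packet_len, (size_t)(c->buf_len - packet_len));
    c->buf_len -= packet_len;
    return 0;
}

/* Constructed sample input: a valid PINGREQ (0xC0 0x00) followed by a crafted
 * PUBLISH header claiming the maximum Remaining Length (0xFF 0xFF 0xFF 0x7F =
 * 268435455 bytes) with no payload behind it. */
static const unsigned char crafted[] = { 0xC0, 0x00, 0x30, 0xFF, 0xFF, 0xFF, 0x7F };

/* Runs the scenario; returns 1 if the valid packet is dropped and the crafted
 * one is rejected, and reports the size the vulnerable pattern would pass. */
int run_scenario(size_t *vuln_size_out)
{
    struct conn c;
    int plen;
    memset(&c, 0, sizeof c);
    memcpy(c.buf, crafted, sizeof crafted);
    c.buf_len = (int)sizeof crafted;
    if (safe_packet_drop(&c) != 0 || c.buf_len != 5)   /* PINGREQ consumed */
        return 0;
    plen = mqtt_packet_total_len(c.buf, c.buf_len);   /* 268435460, far beyond 5 */
    *vuln_size_out = vulnerable_move_size(c.buf_len, plen);
    return safe_packet_drop(&c) == -1;
}

int main(void)
{
    size_t vuln = 0;
    int ok = run_scenario(&vuln);
    printf("crafted packet rejected by hardened drop: %s\n", ok ? "yes" : "no");
    printf("size the vulnerable pattern would hand to memmove: %zu\n", vuln);
    return ok ? 0 : 1;
}
```

The fix that matters is the single comparison `packet_len > c->buf_len` before the arithmetic reaches memmove(): once a signed difference is allowed to go negative and flow into a size_t, no later check can recover it. Fuzzing the broker with fixed headers whose Remaining Length exceeds the bytes actually sent is the quickest way to confirm a build is patched.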
References (1)
Exploit, Third Party Advisory (x_refsource_misc): https://github.com/fluent/fluent-bit/issues/1135
Scores
CVSS v3
7.5
EPSS
0.0166
EPSS Percentile
73.5%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-681
Status
published
Products (1)
treasuredata/fluent_bit
< 1.0.4
Published
Mar 13, 2019
Tracked Since
Feb 18, 2026