CVE-2021-27186
HIGHFluent Bit 1.6.10 - Denial of Service via NULL Pointer Dereference in flb_avro.c and http_server/api/v1/metrics.c
Title source: llmDescription
Fluent Bit 1.6.10 has a NULL pointer dereference when an flb_malloc return value is not validated by flb_avro.c or http_server/api/v1/metrics.c.
References (3)
Core 3
Core References
Exploit, Third Party Advisory x_refsource_misc
https://github.com/fluent/fluent-bit/issues/3044
Exploit, Patch, Third Party Advisory x_refsource_misc
https://github.com/fluent/fluent-bit/pull/3045
Patch, Third Party Advisory x_refsource_misc
https://github.com/fluent/fluent-bit/pull/3047
Scores
CVSS v3
7.5
EPSS
0.0199
EPSS Percentile
78.1%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Details
CWE
CWE-476
Status
published
Products (1)
treasuredata/fluent_bit
1.6.10
Published
Feb 10, 2021
Tracked Since
Feb 18, 2026