CVE-2021-46879 Information

Description

An issue was discovered in Treasure Data Fluent Bit 1.7.1: a wrong variable is used to get the msgpack data, resulting in a heap overflow in flb_msgpack_gelf_value_ext. An attacker can craft a malicious file and trick the victim into opening it with the software, triggering a heap overflow and executing arbitrary code on the target system.

Reference

https://github.com/fluent/fluent-bit/pull/3100
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=26851
