CVE-2020-35963
Published 2021-01-03
Priority P337 · high · 7.8 (CVSS 3.1)
Vector: AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
EPSS: 1.31% (67.0th percentile)
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| treasuredata | fluent_bit | < 1.6.4 | 1.6.4 |
CVSS provenance
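| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.8 | HIGH | CVSS:3.1/AV:L/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H |
| nvd | v2.0 | 6.8 | MEDIUM | AV:N/AC:M/Au:N/C:P/I:P/A:P |
| vendor_redhat | | 7.8 | HIGH | |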
GHSA
GHSA-h5px-998j-r7c9: flb_gzip_compress in flb_gzip
ghsa_unreviewed·2022-05-24
CVE-2020-35963 [HIGH] CWE-787 GHSA-h5px-998j-r7c9: flb_gzip_compress in flb_gzip
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
Red Hat
fluent-bit: Out of bounds write in flb_gzip_compress in flb_gzip.c
vendor_redhat·2021-04-29·CVSS 7.8
CVE-2020-35963 [HIGH] CWE-787 fluent-bit: Out of bounds write in flb_gzip_compress in flb_gzip.c
flb_gzip_compress in flb_gzip.c in Fluent Bit before 1.6.4 has an out-of-bounds write because it does not use the correct calculation of the maximum gzip data-size expansion.
Package: rhacm2/acm-grafana-rhel8 (Red Hat Advanced Cluster Management for Kubernetes 2) - Not affected
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.
https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27261
https://fluentbit.io/announcements/v1.6.4/
https://github.com/fluent/fluent-bit/commit/cadff53c093210404aed01c4cf586adb8caa07af