CVE-2025-12970 — Classic Buffer Overflow in Fluent BIT

CWE-120 — Classic Buffer Overflow4 documents4 sources

Severity

8.8HIGHNVD

EPSS

0.2%

top 57.72%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Fluentbit Fluent BIT Treasuredata Fluent BIT Msrc Azl3 Fluent-bit 3.1.10-2 ON Azure Linux 3.0 +2 more

Timeline

PublishedNov 24

Latest updateDec 1

Description

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:HExploitability: 2.8 | Impact: 5.9

Affected Packages5 packages

▶CVEListV5fluentbit/fluent_bit< 4.0.12

▶NVDtreasuredata/fluent_bit4.1.0

▶msrcmsrc/azl3_fluent-bit_3.1.9-6_on_azure_linux_3.0

▶msrcmsrc/cbl2_fluent-bit_3.0.6-4_on_cbl_mariner_2.0

▶msrcmsrc/azl3_fluent-bit_3.1.10-2_on_azure_linux_3.0

🔴Vulnerability Details

GHSA

GHSA-8rpx-2j25-w4rp: The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length↗2025-11-24

▶

📋Vendor Advisories

Microsoft

CVE-2025-12970: CVE-2025-12970 Mariner: Mariner certcc: certcc Customer Action Required: Yes Remediation: CBL-Mariner Releases Reference: https://learn↗2025-11-11

▶

🕵️Threat Intelligence

Wiz

Supply Chain Attacks & AI Vulnerabilities: December Cloud Security Update | Wiz↗2025-12-01

▶