mirror of
https://github.com/fkie-cad/nvd-json-data-feeds.git
synced 2025-05-29 01:31:20 +00:00
24 lines
969 B
JSON
24 lines
969 B
JSON
{
|
|
"id": "CVE-2021-46878",
|
|
"sourceIdentifier": "cve@mitre.org",
|
|
"published": "2023-04-11T18:15:58.340",
|
|
"lastModified": "2023-04-11T18:19:45.473",
|
|
"vulnStatus": "Undergoing Analysis",
|
|
"descriptions": [
|
|
{
|
|
"lang": "en",
|
|
"value": "An issue was discovered in Treasure Data Fluent Bit 1.7.1, erroneous parsing in flb_pack_msgpack_to_json_format leads to type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to use-after-free. This can be used by an attacker to craft a specially craft file and trick the victim opening it using the affect software, triggering use-after-free and execute arbitrary code on the target system."
|
|
}
|
|
],
|
|
"metrics": {},
|
|
"references": [
|
|
{
|
|
"url": "https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=27742",
|
|
"source": "cve@mitre.org"
|
|
},
|
|
{
|
|
"url": "https://github.com/fluent/fluent-bit/pull/3115",
|
|
"source": "cve@mitre.org"
|
|
}
|
|
]
|
|
} |