Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
Fluent Bit 输入验证错误漏洞
Vulnerability Description
Fluent Bit是一款使用C语言编写的开源日志处理和分析系统。MQTT input plugin是其中的一个MQTT(消息队列遥测传输)输入插件。 Fluent Bit 1.0.4及之前版本中的MQTT输入插件存在安全漏洞。攻击者可借助特制的数据包利用改漏洞造成Fluent Bit服务器崩溃(段错误)。
CVSS Information
N/A
Vulnerability Type
N/A