CVE-2021-46878: pack: fix type confusion bugs. Amongst other OSS-Fuzz 5136174263566336 by DavidKorczynski · Pull Request #3115 · fluent/fluent-bit
An issue was discovered in Treasure Data Fluent Bit 1.7.1: erroneous parsing in flb_pack_msgpack_to_json_format leads to a type confusion bug that interprets whatever is on the stack as msgpack maps and arrays, leading to a use-after-free. An attacker can use this to craft a specially crafted file and trick the victim into opening it with the affected software, triggering the use-after-free and executing arbitrary code on the target system.
This is a fairly important fix, in that many plugins call flb_pack_msgpack_to_json_format; however, there are some important bugs in this function due to missing checking of the type of msgpack objects. This leads to type confusion bugs that interpret whatever is on the stack as msgpack maps and arrays. This leads to all sorts of trouble.
Signed-off-by: davkor [email protected]
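The missing check the description refers to is a type check on each msgpack object before it is used as a map or an array. As an added illustration (not Fluent Bit's code and not the fix in this PR), the following decoder for a small subset of msgpack (positive fixint, fixstr, fixmap, fixarray, nil, booleans) only ever reads a value as the type its format byte declares, refuses unknown format bytes and truncated input, and requires each record to have the two-element [timestamp, map] shape before converting it to JSON; the record layout, the supported subset, and the function names `record_to_json` and `to_json_static` are assumptions of this example, not Fluent Bit APIs.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Decoder state: msgpack input cursor plus a bounded JSON output buffer.
 * Constructed for this example; not Fluent Bit's msgpack handling. */
typedef struct {
    const unsigned char *buf;
    size_t len;
    size_t pos;
    char *out;
    size_t cap;
    size_t n;
} ctx;

static int emit(ctx *c, const char *s) {
    size_t l = strlen(s);
    if (c->n + l + 1 > c->cap) return -1;        /* output buffer full */
    memcpy(c->out + c->n, s, l);
    c->n += l;
    c->out[c->n] = '\0';
    return 0;
}

static int decode(ctx *c, int depth);

/* Decode exactly `size` key/value pairs. Keys must be fixstr. */
static int decode_map(ctx *c, size_t size, int depth) {
    if (emit(c, "{")) return -1;
    for (size_t i = 0; i < size; i++) {
        if (i && emit(c, ",")) return -1;
        if (c->pos >= c->len) return -1;                 /* truncated map */
        if ((c->buf[c->pos] & 0xe0) != 0xa0) return -1;  /* key type check */
        if (decode(c, depth + 1)) return -1;
        if (emit(c, ":")) return -1;
        if (decode(c, depth + 1)) return -1;
    }
    return emit(c, "}");
}

static int decode_array(ctx *c, size_t size, int depth) {
    if (emit(c, "[")) return -1;
    for (size_t i = 0; i < size; i++) {
        if (i && emit(c, ",")) return -1;
        if (decode(c, depth + 1)) return -1;
    }
    return emit(c, "]");
}

/* Decode one value. The branch is chosen from the format byte, so a value is
 * only read as the type its tag says it is; anything else is rejected. */
static int decode(ctx *c, int depth) {
    if (depth > 32 || c->pos >= c->len) return -1;
    unsigned char b = c->buf[c->pos++];
    char tmp[32];
    if (b <= 0x7f) {                                   /* positive fixint */
        snprintf(tmp, sizeof tmp, "%u", (unsigned)b);
        return emit(c, tmp);
    }
    if ((b & 0xe0) == 0xa0) {                          /* fixstr, length in low 5 bits */
        size_t l = b & 0x1f;
        if (c->pos + l > c->len) return -1;            /* truncated string */
        if (emit(c, "\"")) return -1;
        for (size_t i = 0; i < l; i++) {
            unsigned char ch = c->buf[c->pos + i];
            if (ch == '"' || ch == '\\' || ch < 0x20) return -1;  /* no escaping in this subset */
            tmp[0] = (char)ch;
            tmp[1] = '\0';
            if (emit(c, tmp)) return -1;
        }
        c->pos += l;
        return emit(c, "\"");
    }
    if ((b & 0xf0) == 0x80) return decode_map(c, b & 0x0f, depth);    /* fixmap */
    if ((b & 0xf0) == 0x90) return decode_array(c, b & 0x0f, depth);  /* fixarray */
    if (b == 0xc0) return emit(c, "null");
    if (b == 0xc2) return emit(c, "false");
    if (b == 0xc3) return emit(c, "true");
    return -1;                                         /* unsupported format byte: refuse, never guess */
}

/* Convert one record to JSON. The record must be a two-element array
 * [timestamp, map] (layout assumed for this example); anything else is
 * rejected rather than reinterpreted. Returns 0 on success, -1 on bad input. */
int record_to_json(const unsigned char *buf, size_t len, char *out, size_t cap) {
    ctx c = { buf, len, 0, out, cap, 0 };
    if (cap == 0) return -1;
    out[0] = '\0';
    if (len < 2 || buf[0] != 0x92) return -1;                     /* fixarray of size 2 */
    if (emit(&c, "[")) return -1;
    c.pos = 1;
    if (c.buf[c.pos] > 0x7f) return -1;                            /* timestamp: fixint in this subset */
    if (decode(&c, 1)) return -1;
    if (emit(&c, ",")) return -1;
    if (c.pos >= c.len || (c.buf[c.pos] & 0xf0) != 0x80) return -1; /* body must be a map */
    if (decode(&c, 1)) return -1;
    if (c.pos != c.len) return -1;                                 /* trailing bytes */
    return emit(&c, "]");
}

/* Convenience wrapper: returns JSON in a static buffer, or NULL on rejection. */
const char *to_json_static(const unsigned char *buf, size_t len) {
    static char out[256];
    return record_to_json(buf, len, out, sizeof out) == 0 ? out : NULL;
}

int main(void) {
    /* Constructed sample record: [5, {"key": "value"}] */
    const unsigned char ok[] = { 0x92, 0x05, 0x81, 0xa3, 'k', 'e', 'y', 0xa5, 'v', 'a', 'l', 'u', 'e' };
    /* Constructed malformed record: second element is a string, not a map */
    const unsigned char bad[] = { 0x92, 0x05, 0xa1, 'x' };
    const char *j = to_json_static(ok, sizeof ok);
    printf("%s\n", j ? j : "(rejected)");
    printf("%s\n", to_json_static(bad, sizeof bad) ? "accepted" : "(rejected)");
    return 0;
}
```

Every place the decoder touches a child object goes through a format-byte check first, so a malformed input produces a clean `-1` instead of a read through a pointer that was never a map or array.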
Enter [N/A] in the box, if an item is not applicable to your change.
Testing
Before we can approve your change; please submit the following in a comment:
- [N/A] Example configuration file for the change
- [N/A] Debug log output from testing the change
- [N/A] Attached Valgrind output that shows no leaks or memory corruption was found
Documentation
- [N/A] Documentation required for this feature
Fluent Bit is licensed under Apache 2.0, by submitting this pull request I understand that this code will be released under the terms of that license.