CVE-2025-12970

High CVSS: 8.8

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.

Vendor

Treasuredata

Product

Fluent Bit

CWE

CWE-120

Yayın Tarihi

2025-11-24 15:15:46

Güncelleme

2025-11-28 18:15:46

Source Identifier

cret@cert.org

KEV Date Added

Kategoriler

CWE-120 Fluent Bit HIGH Treasuredata 2025

Referanslar

https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/ https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover

Benzer Kayıtlar

Medium

CVE-2025-12969

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain c…

Medium

CVE-2025-12972

Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option i…

Critical

CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with netw…

Medium

CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fa…

Medium

CVE-2025-29478

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:…

Medium

CVE-2025-29477

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.