CVE-2025-29477

Medium CVSS: 5.5

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the function consume_event.

Vendor

Product

CWE

Yayın Tarihi

2025-04-04 18:15:48

Güncelleme

2025-12-08 18:47:38

Source Identifier

cve@mitre.org

KEV Date Added

CWE-400 Fluent Bit MEDIUM Treasuredata 2025

https://github.com/lmarch2/poc/blob/main/fluent-bit/fluent-bit.md

Medium

CVE-2025-12969

Fluent Bit in_forward input plugin does not properly enforce the security.users authentication mechanism under certain c…

High

CVE-2025-12970

The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer wit…

Medium

CVE-2025-12972

Fluent Bit out_file plugin does not properly sanitize tag values when deriving output file names. When the File option i…

Critical

CVE-2025-12977

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins fail to sanitize tag_key inputs. An attacker with netw…

Medium

CVE-2025-12978

Fluent Bit in_http, in_splunk, and in_elasticsearch input plugins contain a flaw in the tag_key validation logic that fa…

Medium

CVE-2025-29478

An issue in fluent-bit v.3.7.2 allows a local attacker to cause a denial of service via the cfl_list_size in cfl_list.h:…