CVE-2021-41186

Source
https://nvd.nist.gov/vuln/detail/CVE-2021-41186
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2021-41186.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2021-41186
Aliases
Related
Withdrawn
2024-05-08T06:51:35.997119Z
Published
2021-10-29T14:15:07Z
Modified
2023-12-06T00:46:31.627273Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator
Summary
[none]
Details

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parserapache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parserapache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable FLUENT_PLUGIN or --plugin option of fluentd).

References

Affected packages

Git / github.com/fluent/fluentd

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluentd
Events

Affected versions

v0.*

v0.14.14
v0.14.15
v0.14.16
v0.14.17
v0.14.18
v0.14.19
v0.14.20
v0.14.20.rc1
v0.14.21
v0.14.22
v0.14.22.rc1
v0.14.22.rc2
v0.14.23
v0.14.23.rc1
v0.14.24
v0.14.25

v1.*

v1.0.0
v1.0.0.rc1
v1.0.1
v1.0.2
v1.1.0
v1.1.1
v1.1.2
v1.1.3
v1.10.0
v1.10.1
v1.10.2
v1.10.3
v1.10.4
v1.11.0
v1.11.1
v1.11.2
v1.11.3
v1.11.4
v1.11.5
v1.12.0
v1.12.0.rc1
v1.12.0.rc2
v1.12.1
v1.12.2
v1.12.3
v1.12.4
v1.13.0
v1.13.1
v1.13.2
v1.13.3
v1.14.0
v1.14.0.rc
v1.14.1
v1.2.0
v1.2.0.pre1
v1.2.1
v1.2.2
v1.2.3
v1.2.4
v1.2.4.rc1
v1.2.5
v1.2.5.rc1
v1.2.6
v1.3.0
v1.3.1
v1.3.2
v1.3.3
v1.4.0
v1.4.1
v1.4.2
v1.5.0
v1.5.0.rc1
v1.5.1
v1.6.0
v1.6.1
v1.6.2
v1.6.3
v1.7.0
v1.7.0.rc1
v1.7.1
v1.7.2
v1.7.3
v1.8.0
v1.8.0.rc1
v1.8.0.rc2
v1.8.0.rc3
v1.8.1
v1.9.0
v1.9.0.rc1
v1.9.0.rc2
v1.9.1
v1.9.2
v1.9.3