Vulnerability-Lookup

CVE-2021-41186 (GCVE-0-2021-41186)

Vulnerability from cvelistv5 – Published: 2021-10-29 13:40 – Updated: 2024-08-04 03:08

Title

ReDoS vulnerability in parser_apache2

Summary

Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

Severity ?

5.9 (Medium)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

CWE-400 - Uncontrolled Resource Consumption

Assigner

GitHub_M

References

URL

	Vendor	Product	Version
	fluent	fluentd	Affected: >= 0.14.14, < 1.14.2

GHSA-HWHF-64MH-R662

Vulnerability from github – Published: 2021-11-01 19:16 – Updated: 2021-11-04 17:05

Summary

ReDoS vulnerability in parser_apache2

Details

Impact

parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.

Patches

v1.14.2

Workarounds

Either of the following:

Don't use parser_apache2 for parsing logs which cannot guarantee generated by Apache.
Put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable FLUENT_PLUGIN or --plugin option of fluentd).

References

CVE-2021-41186
GHSA-hwhf-64mh-r662
GHSL-2021-102
https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142

Severity ?

5.9 (Medium)


                  
                    CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "RubyGems",
        "name": "fluentd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.14.14"
            },
            {
              "fixed": "1.14.2"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41186"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-400"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2021-10-29T13:44:13Z",
    "nvd_published_at": "2021-10-29T14:15:00Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\nparser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.\n\n### Patches\nv1.14.2\n\n### Workarounds\nEither of the following:\n\n* Don\u0027t use parser_apache2 for parsing logs which cannot guarantee generated by Apache.\n* Put patched version of parser_apache2.rb into /etc/fluent/plugin  directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).\n\n### References\n* [CVE-2021-41186](http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-41186)\n* [GHSA-hwhf-64mh-r662](https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662)\n* [GHSL-2021-102](https://securitylab.github.com/advisories/GHSL-2021-102-fluent-fluentd/)\n* https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142\n",
  "id": "GHSA-hwhf-64mh-r662",
  "modified": "2021-11-04T17:05:51Z",
  "published": "2021-11-01T19:16:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41186"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd/commit/5482a3d049dab351de0be68f4b4bc562319d8511"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/fluent/fluentd"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
    },
    {
      "type": "WEB",
      "url": "https://github.com/rubysec/ruby-advisory-db/blob/master/gems/fluentd/CVE-2021-41186.yml"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "ReDoS vulnerability in parser_apache2"
}

GSD-2021-41186

Vulnerability from gsd - Updated: 2021-11-01 00:00

Details

### Impact parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. ### Patches v1.14.2 ### Workarounds Either of the following: * Don't use parser_apache2 for parsing logs which cannot guarantee generated by Apache. * Put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).

Aliases

CVE-2021-41186

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2021-41186",
    "description": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).",
    "id": "GSD-2021-41186",
    "references": [
      "https://www.suse.com/security/cve/CVE-2021-41186.html"
    ]
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "affected": [
        {
          "package": {
            "ecosystem": "RubyGems",
            "name": "fluentd",
            "purl": "pkg:gem/fluentd"
          }
        }
      ],
      "aliases": [
        "CVE-2021-41186",
        "GHSA-hwhf-64mh-r662"
      ],
      "details": "### Impact\nparser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.\n\n### Patches\nv1.14.2\n\n### Workarounds\nEither of the following:\n\n* Don\u0027t use parser_apache2 for parsing logs which cannot guarantee generated by Apache.\n* Put patched version of parser_apache2.rb into /etc/fluent/plugin  directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).\n",
      "id": "GSD-2021-41186",
      "modified": "2021-11-01T00:00:00.000Z",
      "published": "2021-11-01T00:00:00.000Z",
      "references": [
        {
          "type": "WEB",
          "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
        },
        {
          "type": "WEB",
          "url": "https://securitylab.github.com/advisories/GHSL-2021-102-fluent-fluentd/"
        },
        {
          "type": "WEB",
          "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
        }
      ],
      "schema_version": "1.4.0",
      "severity": [
        {
          "score": 5.9,
          "type": "CVSS_V3"
        }
      ],
      "summary": "ReDoS vulnerability in parser_apache2"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2021-41186",
        "STATE": "PUBLIC",
        "TITLE": "ReDoS vulnerability in parser_apache2"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "fluentd",
                    "version": {
                      "version_data": [
                        {
                          "version_value": "\u003e= 0.14.14, \u003c 1.14.2"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "fluent"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."
          }
        ]
      },
      "impact": {
        "cvss": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        }
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "lang": "eng",
                "value": "CWE-400: Uncontrolled Resource Consumption"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662",
            "refsource": "CONFIRM",
            "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
          },
          {
            "name": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142",
            "refsource": "MISC",
            "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
          },
          {
            "name": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md",
            "refsource": "MISC",
            "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-hwhf-64mh-r662",
        "discovery": "UNKNOWN"
      }
    },
    "github.com/rubysec/ruby-advisory-db": {
      "cve": "2021-41186",
      "cvss_v3": 5.9,
      "date": "2021-11-01",
      "description": "### Impact\nparser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack.\n\n### Patches\nv1.14.2\n\n### Workarounds\nEither of the following:\n\n* Don\u0027t use parser_apache2 for parsing logs which cannot guarantee generated by Apache.\n* Put patched version of parser_apache2.rb into /etc/fluent/plugin  directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).\n",
      "gem": "fluentd",
      "ghsa": "hwhf-64mh-r662",
      "patched_versions": [
        "\u003e= 1.14.2"
      ],
      "related": {
        "url": [
          "https://securitylab.github.com/advisories/GHSL-2021-102-fluent-fluentd/",
          "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
        ]
      },
      "title": "ReDoS vulnerability in parser_apache2",
      "unaffected_versions": [
        "\u003c 0.14.14"
      ],
      "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=0.14.14 \u003c=1.14.1",
          "affected_versions": "All versions starting from 0.14.14 up to 1.14.1",
          "cvss_v2": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-400",
            "CWE-937"
          ],
          "date": "2021-11-03",
          "description": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The `parser_apache2` plugin in Fluentd suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. There are two workarounds available. Either don\u0027t use `parser_apache2` for parsing logs (which cannot guarantee generated by Apache), or put patched version of `parser_apache2.rb` into `/etc/fluent/plugin` directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).",
          "fixed_versions": [
            "1.14.2"
          ],
          "identifier": "CVE-2021-41186",
          "identifiers": [
            "CVE-2021-41186",
            "GHSA-hwhf-64mh-r662"
          ],
          "not_impacted": "All versions before 0.14.14, all versions after 1.14.1",
          "package_slug": "gem/fluentd",
          "pubdate": "2021-10-29",
          "solution": "Upgrade to version 1.14.2 or above.",
          "title": "Uncontrolled Resource Consumption",
          "urls": [
            "https://nvd.nist.gov/vuln/detail/CVE-2021-41186",
            "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142",
            "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md",
            "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
          ],
          "uuid": "2da0ec89-7e7d-4102-9fb3-951e13275888"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*",
                "cpe_name": [],
                "versionEndIncluding": "1.14.1",
                "versionStartIncluding": "0.14.14",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2021-41186"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-400"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142",
              "refsource": "MISC",
              "tags": [
                "Release Notes",
                "Third Party Advisory"
              ],
              "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
            },
            {
              "name": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md",
              "refsource": "MISC",
              "tags": [
                "Broken Link"
              ],
              "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
            },
            {
              "name": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662",
              "refsource": "CONFIRM",
              "tags": [
                "Third Party Advisory"
              ],
              "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV2": {
          "acInsufInfo": false,
          "cvssV2": {
            "accessComplexity": "LOW",
            "accessVector": "NETWORK",
            "authentication": "NONE",
            "availabilityImpact": "PARTIAL",
            "baseScore": 5.0,
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
            "version": "2.0"
          },
          "exploitabilityScore": 10.0,
          "impactScore": 2.9,
          "obtainAllPrivilege": false,
          "obtainOtherPrivilege": false,
          "obtainUserPrivilege": false,
          "severity": "MEDIUM",
          "userInteractionRequired": false
        },
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2021-11-03T00:11Z",
      "publishedDate": "2021-10-29T14:15Z"
    }
  }
}

bit-fluentd-2021-41186

Vulnerability from bitnami_vulndb

Published

2024-03-06 10:52

Modified

2025-05-20 10:02

Summary

ReDoS vulnerability in parser_apache2

Details

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "Bitnami",
        "name": "fluentd",
        "purl": "pkg:bitnami/fluentd"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0.14.14"
            },
            {
              "fixed": "1.14.2"
            }
          ],
          "type": "SEMVER"
        }
      ],
      "severity": [
        {
          "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "type": "CVSS_V3"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2021-41186"
  ],
  "database_specific": {
    "cpes": [
      "cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
  },
  "details": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).",
  "id": "BIT-fluentd-2021-41186",
  "modified": "2025-05-20T10:02:07.006Z",
  "published": "2024-03-06T10:52:03.183Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
    },
    {
      "type": "WEB",
      "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
    },
    {
      "type": "WEB",
      "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
    },
    {
      "type": "WEB",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2021-41186"
    }
  ],
  "schema_version": "1.5.0",
  "summary": "ReDoS vulnerability in parser_apache2"
}

CERTFR-2025-AVI-0003

Vulnerability from certfr_avis - Published: 2025-01-03 - Updated: 2025-01-03

De multiples vulnérabilités ont été découvertes dans les produits IBM. Certaines d'entre elles permettent à un attaquant de provoquer une exécution de code arbitraire à distance, une élévation de privilèges et un déni de service à distance.

Solutions

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

Impacted products

Vendor	Product	Description
IBM	Db2	Db2 warehouse versions antérieures à 5.1
IBM	Db2	Db2 Big SQL versions antérieures à 7.8
IBM	Db2	Db2 versions antérieures à 5.1

References

Title

Publication Time

FKIE_CVE-2021-41186

Vulnerability from fkie_nvd - Published: 2021-10-29 14:15 - Updated: 2024-11-21 06:25

Severity ?

5.9 (Medium) - CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142	Release Notes, Third Party Advisory
security-advisories@github.com	https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662	Third Party Advisory
security-advisories@github.com	https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md	Broken Link
af854a3a-2127-422b-91ae-364da2661108	https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142	Release Notes, Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662	Third Party Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md	Broken Link

Impacted products

	Vendor	Product	Version
	fluentd	fluentd	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:fluentd:fluentd:*:*:*:*:*:*:*:*",
              "matchCriteriaId": "4AE50BF8-39BA-4467-AA78-83E6BDAD86FF",
              "versionEndIncluding": "1.14.1",
              "versionStartIncluding": "0.14.14",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don\u0027t use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd)."
    },
    {
      "lang": "es",
      "value": "Fluentd recoge eventos de varias fuentes de datos y los escribe en archivos para ayudar a unificar la infraestructura de registro. El plugin parser_apache2 en Fluentd versiones v0.14.14 hasta v1.14.1 sufre una vulnerabilidad de denegaci\u00f3n de servicio de expresi\u00f3n regular (ReDoS). Un registro de apache roto con un determinado patr\u00f3n de cadena puede pasar demasiado tiempo en una expresi\u00f3n regular, resultando en un potencial de un ataque DoS. Este problema est\u00e1 parcheado en la versi\u00f3n 1.14.2. Se presentan dos soluciones disponibles. O bien no usar parser_apache2 para analizar los registros (que no pueden ser garantizados por Apache), o poner la versi\u00f3n parcheada de parser_apache2.rb en el directorio /etc/fluent/plugin (o cualquier otro directorio especificado por la variable de entorno \"FLUENT_PLUGIN\" o \"--plugin\" de fluentd)"
    }
  ],
  "id": "CVE-2021-41186",
  "lastModified": "2024-11-21T06:25:42.890",
  "metrics": {
    "cvssMetricV2": [
      {
        "acInsufInfo": false,
        "baseSeverity": "MEDIUM",
        "cvssData": {
          "accessComplexity": "LOW",
          "accessVector": "NETWORK",
          "authentication": "NONE",
          "availabilityImpact": "PARTIAL",
          "baseScore": 5.0,
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:P",
          "version": "2.0"
        },
        "exploitabilityScore": 10.0,
        "impactScore": 2.9,
        "obtainAllPrivilege": false,
        "obtainOtherPrivilege": false,
        "obtainUserPrivilege": false,
        "source": "nvd@nist.gov",
        "type": "Primary",
        "userInteractionRequired": false
      }
    ],
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "HIGH",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 5.9,
          "baseSeverity": "MEDIUM",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 2.2,
        "impactScore": 3.6,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2021-10-29T14:15:07.730",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Broken Link"
      ],
      "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes",
        "Third Party Advisory"
      ],
      "url": "https://github.com/fluent/fluentd/blob/master/CHANGELOG.md#v1142"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Third Party Advisory"
      ],
      "url": "https://github.com/fluent/fluentd/security/advisories/GHSA-hwhf-64mh-r662"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Broken Link"
      ],
      "url": "https://github.com/github/securitylab-vulnerabilities/blob/52dc4a2a828c6dc24231967c2937ad92038184a9/vendor_reports/GHSL-2021-102-fluent-fluentd.md"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-400"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    }
  ]
}

Sightings

Author	Source	Type	Date

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2021-41186 (GCVE-0-2021-41186)

GHSA-HWHF-64MH-R662

Impact

Patches

Workarounds

References

GSD-2021-41186

bit-fluentd-2021-41186

Vulnerability from bitnami_vulndb

CERTFR-2025-AVI-0003

Solutions

FKIE_CVE-2021-41186

Tags

Sightings

Nomenclature