cvedb.io
CVE-2019-9749
HIGH · CVSS 7.5
EPSS exploitation probability: 0%
Published 2019-03-13T19:29:00.297 · Last modified 2026-06-17T02:44:16.890

Summary

An issue was discovered in the MQTT input plugin in Fluent Bit through 1.0.4. When this plugin acts as an MQTT broker (server), it mishandles incoming network messages. After processing a crafted packet, the plugin's mqtt_packet_drop function (in /plugins/in_mqtt/mqtt_prot.c) executes the memmove() function with a negative size parameter. That leads to a crash of the whole Fluent Bit server via a SIGSEGV signal.
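The failure class described above, as an added example that is not Fluent Bit's source code: a simplified buffer-drop routine where the move size is the buffered byte count minus a peer-declared packet length. The `conn` struct, the function names, and the way the size is computed are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical connection buffer; names are illustrative, not Fluent Bit's. */
struct conn {
    unsigned char buf[64];
    int buf_len;                /* bytes currently held in buf */
};

/* Size an unchecked drop would hand to memmove(): signed arithmetic that goes
 * negative when the declared packet length exceeds the buffered bytes.
 * Converted to size_t, that negative value becomes an enormous copy length. */
static long unchecked_move_size(const struct conn *c, int pkt_len)
{
    return (long)c->buf_len - (long)pkt_len;
}

/* Hardened drop: validate the declared length before any pointer arithmetic.
 * Returns 0 on success, -1 if the length is inconsistent with the buffer. */
static int packet_drop_checked(struct conn *c, int pkt_len)
{
    if (c->buf_len < 0 || (size_t)c->buf_len > sizeof(c->buf))
        return -1;              /* buffer state itself is invalid */
    if (pkt_len <= 0 || pkt_len > c->buf_len)
        return -1;              /* would produce a negative move size */
    size_t remaining = (size_t)(c->buf_len - pkt_len);
    memmove(c->buf, c->buf + pkt_len, remaining);
    c->buf_len = (int)remaining;
    return 0;
}

int main(void)
{
    /* Constructed sample: 8 buffered bytes, peer claims a 12-byte packet. */
    struct conn c = { .buf = "AAAABBBB", .buf_len = 8 };
    long sz = unchecked_move_size(&c, 12);
    printf("unchecked size: %ld (as size_t: %zu)\n", sz, (size_t)sz);
    int bad = packet_drop_checked(&c, 12);
    int ok = packet_drop_checked(&c, 4);
    printf("checked drop(12)=%d, drop(4)=%d, buf_len=%d\n", bad, ok, c.buf_len);
    return 0;
}
```

A rejected length should end in the connection being closed rather than the process continuing with an inconsistent buffer.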

Affected products

treasuredata — fluent_bit

This product uses data from the NVD API but is not endorsed or certified by the NVD. Informational only; not professional security advice.