{"id":"CVE-2021-36088","details":"Fluent Bit (aka fluent-bit) 1.7.0 through 1.7.4 has a double free in flb_free (called from flb_parser_json_do and flb_parser_do).","aliases":["BIT-fluent-bit-2021-36088"],"modified":"2026-04-02T07:05:04.464071Z","published":"2021-07-01T03:15:08.847Z","references":[{"type":"ADVISORY","url":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2021-702.yaml"},{"type":"FIX","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=33750"},{"type":"FIX","url":"https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54"},{"type":"FIX","url":"https://github.com/fluent/fluent-bit/pull/3453"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fluent/fluent-bit","events":[{"introduced":"1e8c00240903ebc71a9092313fd8b620e10632bc"},{"last_affected":"d638a11725ecdaf683be6167709c4712559cde79"},{"fixed":"22346a74c07ceb90296be872be2d53eb92252a54"}],"database_specific":{"versions":[{"introduced":"1.7.0"},{"last_affected":"1.7.4"}]}}],"versions":["v1.7.0","v1.7.1","v1.7.2","v1.7.3","v1.7.4"],"database_specific":{"vanir_signatures":[{"id":"CVE-2021-36088-499d5e79","digest":{"length":3135,"function_hash":"210821138041969896772177572225236899808"},"target":{"file":"src/flb_parser_json.c","function":"flb_parser_json_do"},"source":"https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54","signature_version":"v1","deprecated":false,"signature_type":"Function"},{"id":"CVE-2021-36088-9b9fd8dd","digest":{"line_hashes":["15907375869919561542890800455146713837","131867673044224448459384144928554040927","335748199596119996638886818829781370693","278957610952940763889198036630583526137","87820120863783867503610716601233301250","254993689099306520172863457632602922762","327121976266765979669537015380649424712","170524752924377180888809407919478188063"],"threshold":0.9},"target":{"file":"src/flb_parser_json.c"},"source":"https://github.com/fluent/fluent-bit/commit/22346a74c07ceb90296be872be2d53eb92252a54","signature_version":"v1","deprecated":false,"signature_type":"Line"}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2021-36088.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}]}