{"id":"CVE-2025-12970","details":"The extract_name function in Fluent Bit in_docker input plugin copies container names into a fixed size stack buffer without validating length. An attacker who can create containers or control container names, can supply a long name that overflows the buffer, leading to process crash or arbitrary code execution.","aliases":["BIT-fluent-bit-2025-12970"],"modified":"2026-04-02T12:32:26.393142Z","published":"2025-11-24T15:15:46.507Z","references":[{"type":"ARTICLE","url":"https://www.oligo.security/blog/critical-vulnerabilities-in-fluent-bit-expose-cloud-environments-to-remote-takeover"},{"type":"ARTICLE","url":"https://fluentbit.io/blog/2025/10/28/security-vulnerabilities-addressed-in-fluent-bit-v4.1-and-backported-to-v4.0/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/fluent/fluent-bit","events":[{"introduced":"0"},{"last_affected":"a8bd9e4cf636710dc7ce3af9d940bb4d91e660fc"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"4.1.0"}]}}],"versions":["0.13-dev-0.10","0.13-dev-0.11","0.13-dev-0.12","0.13-dev-0.13","0.13-dev-0.14","0.13-dev-0.15","0.13-dev-0.16","0.13-dev-0.17","0.13-dev-0.18","0.13-dev-0.4","0.13-dev-0.5","0.13-dev-0.6","0.13-dev-0.7","0.13-dev-0.8","0.13-dev-0.9","1.8.9-dev-6b56f51","20220215","ci-release-test","delete","tiger-1.8.15-20221123","tiger-1.8.15-20221220","tiger-1.8.15-20230223","tiger-1.8.15-20230329","tiger-1.8.15-20230518","tiger-1.8.16-20230518","tiger-1.8.17","tiger-2.0.9-dev-20230104","unstable","unstable-1.8","unstable-4875_1_8_container_builds","unstable-leonardo-cio-log-poc","unstable-master","v0.1","v0.10.0","v0.10.1","v0.11.0","v0.11.1","v0.11.10","v0.11.11","v0.11.12","v0.11.13","v0.11.14","v0.11.15","v0.11.16","v0.11.17","v0.11.2","v0.11.3","v0.11.4","v0.11.5","v0.11.6","v0.11.7","v0.11.8","v0.11.9","v0.12.0","v0.12.1","v0.12.10","v0.12.11","v0.12.12","v0.12.13","v0.12.14","v0.12.15","v0.12.16","v0.12.17","v0.12.18","v0.12.19","v0.12.2","v0.12.3","v0.12.4","v0.12.5","v0.12.6","v0.12.7","v0.12.8","v0.12.9","v0.13.0","v0.13.1","v0.13.2","v0.13.3","v0.13.4","v0.13.5","v0.13.6","v0.13.7","v0.13.8","v0.14.0","v0.14.1","v0.14.2","v0.14.3","v0.14.4","v0.14.5","v0.14.6","v0.14.7","v0.14.8","v0.14.9","v0.2","v0.3","v0.4","v0.5","v0.5.1","v0.6.0","v0.7.0","v0.7.1","v0.7.2","v0.8.0","v0.8.1","v0.8.2","v0.8.3","v0.8.4","v0.8.5","v0.9.0","v0.9.1","v1.0.0","v1.0.1","v1.0.2","v1.0.3","v1.0.4","v1.0.5","v1.0.6","v1.1.0","v1.1.1","v1.1.2","v1.1.3","v1.2.0","v1.2.1","v1.2.2","v1.3.0","v1.3.1","v1.3.10","v1.3.11","v1.3.2","v1.3.3","v1.3.4","v1.3.5","v1.3.6","v1.3.7","v1.3.8","v1.3.9","v1.4.0","v1.4.1","v1.4.2","v1.4.3","v1.4.4","v1.4.5","v1.4.6","v1.5.0","v1.5.0-win32-rc4","v1.5.0-win32-rc5","v1.5.0-win32-rc6","v1.5.0-win32-rc7","v1.5.1","v1.5.2","v1.5.3","v1.5.3-win32","v1.5.4","v1.5.5","v1.5.6","v1.5.7","v1.5.7-winfix","v1.6.0","v1.6.1","v1.6.10","v1.6.2","v1.6.3","v1.6.4","v1.6.5","v1.6.6","v1.6.7","v1.6.8","v1.6.9","v1.7.0","v1.7.0-rc1","v1.7.0-rc2","v1.7.0-rc3","v1.7.0-rc4","v1.7.0-rc5","v1.7.0-rc6","v1.7.0-rc7","v1.7.0-rc8","v1.7.0-rc9","v1.7.1","v1.7.2","v1.7.3","v1.7.4","v1.7.5","v1.7.6","v1.7.7","v1.7.8","v1.7.9","v1.8.0","v1.8.0-rc1","v1.8.1","v1.8.10","v1.8.11","v1.8.12","v1.8.13","v1.8.14","v1.8.15","v1.8.2","v1.8.3","v1.8.4","v1.8.5","v1.8.6","v1.8.7","v1.8.8","v1.8.9","v1.8.9-dev-6b56f51","v1.9.0","v1.9.0-ci-test-1","v1.9.0-rc1","v1.9.0-rc2","v1.9.0-rc3","v1.9.0-rc4","v1.9.1","v1.9.10","v1.9.2","v1.9.3","v1.9.4","v1.9.5","v1.9.6","v1.9.7","v1.9.8","v1.9.9","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0pre","v2.0.1","v2.0.10","v2.0.11","v2.0.12","v2.0.13","v2.0.14","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","v2.0.9","v2.1.0","v2.1.0-rc1","v2.1.0-rc2","v2.1.1","v2.1.10","v2.1.2","v2.1.3","v2.1.4","v2.1.5","v2.1.5-windows-artifact-fix","v2.1.6","v2.1.7","v2.1.8","v2.1.9","v2.2.0","v2.2.1","v2.2.2","v2.2.3","v3.0.0","v3.0.1","v3.0.2","v3.0.3","v3.0.4","v3.0.5","v3.0.6","v3.0.7","v3.1.0","v3.1.1","v3.1.10","v3.1.2","v3.1.3","v3.1.4","v3.1.5","v3.1.6","v3.1.7","v3.1.8","v3.1.9","v3.2.0","v3.2.1","v3.2.10","v3.2.2","v3.2.3","v3.2.4","v3.2.5","v3.2.6","v3.2.7","v3.2.8","v3.2.9","v4.0.0","v4.0.1","v4.0.10","v4.0.11","v4.0.12","v4.0.13","v4.0.14","v4.0.2","v4.0.3","v4.0.4","v4.0.5","v4.0.6","v4.0.7","v4.0.8","v4.0.9","v4.1.0"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-12970.json"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}]}