{"id":"OSV-2022-988","summary":"Heap-buffer-overflow in onig_vsnprintf_with_pattern","details":"OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51934\n\n```\nCrash type: Heap-buffer-overflow READ 1\nCrash state:\nonig_vsnprintf_with_pattern\nonig_syntax_warn\nfetch_token\n```\n","modified":"2023-01-21T00:21:18.857380Z","published":"2022-09-29T00:01:07.751712Z","references":[{"type":"REPORT","url":"https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=51934"}],"affected":[{"package":{"name":"fluent-bit","ecosystem":"OSS-Fuzz","purl":"pkg:generic/fluent-bit"},"ranges":[{"type":"GIT","repo":"https://github.com/fluent/fluent-bit/","events":[{"introduced":"9cc2ff55a146b2b3e8c321a87920c0d39a2b2ba6"},{"introduced":"3c13edab76389a7412deef12ac61a25b85f00c39"},{"fixed":"5ddb06fe4273bdec0171bc30877959c7bef666c2"}]}],"versions":["tiger-2.0.9-dev-20230104","v2.0.0","v2.0.0-rc1","v2.0.0-rc2","v2.0.0-rc3","v2.0.0pre","v2.0.1","v2.0.2","v2.0.3","v2.0.4","v2.0.5","v2.0.6","v2.0.7","v2.0.8","vv.2.0.7"],"ecosystem_specific":{"severity":"MEDIUM"},"database_specific":{"source":"https://github.com/google/oss-fuzz-vulns/blob/main/vulns/fluent-bit/OSV-2022-988.yaml"}}],"schema_version":"1.7.3"}