Bug 2019184 (CVE-2021-41186) - CVE-2021-41186 fluentd: ReDoS vulnerability in parser_apache2
Summary: CVE-2021-41186 fluentd: ReDoS vulnerability in parser_apache2
Alias: CVE-2021-41186
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On: 2019185
Blocks: 2019186
TreeView+ depends on / blocked
Reported: 2021-11-01 19:39 UTC by Guilherme de Almeida Suckevicz
Modified: 2022-02-03 04:47 UTC (History)
26 users (show)

Fixed In Version: fluentd 1.14.2
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-11-30 20:09:19 UTC

Attachments (Terms of Use)

Description Guilherme de Almeida Suckevicz 2021-11-01 19:39:50 UTC
Fluentd collects events from various data sources and writes them to files to help unify logging infrastructure. The parser_apache2 plugin in Fluentd v0.14.14 to v1.14.1 suffers from a regular expression denial of service (ReDoS) vulnerability. A broken apache log with a certain pattern of string can spend too much time in a regular expression, resulting in the potential for a DoS attack. This issue is patched in version 1.14.2 There are two workarounds available. Either don't use parser_apache2 for parsing logs (which cannot guarantee generated by Apache), or put patched version of parser_apache2.rb into /etc/fluent/plugin directory (or any other directories specified by the environment variable `FLUENT_PLUGIN` or `--plugin` option of fluentd).


Comment 1 Guilherme de Almeida Suckevicz 2021-11-01 19:40:05 UTC
Created puppet-fluentd tracking bugs for this issue:

Affects: openstack-rdo [bug 2019185]

Comment 5 Product Security DevOps Team 2021-11-30 20:09:16 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):


Note You need to log in before you can comment on or make changes to this bug.