Buffer Overflow Vulnerability in Fluent Bit's Docker Input Plugin

CVE-2025-12970

What is CVE-2025-12970?

The Fluent Bit Docker input plugin has a buffer overflow vulnerability in its extract_name function. This issue arises from the copying of container names into a fixed-size stack buffer without adequate length validation. If an attacker gains the ability to create containers or manipulate container names, they can exploit this weakness by providing a long name, resulting in a buffer overflow. This can cause the process to crash or allow for arbitrary code execution, posing significant risks to the affected environment.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch →

News Articles

TechRadar

CVE-2025-12970

These worrying security flaws could put every major cloud provider at risk - here's what we know so far

Many vulnerabilities have existed for years, exposing cloud systems to ongoing risk

theregister.com

CVE-2025-12977CVE-2025-12970

Years-old bugs in open source took out major clouds at risk

A series of "trivial-to-exploit" vulnerabilities in Fluent Bit, an open source log collection tool that runs in every major cloud and AI lab, was left open for years, giving attackers an exploit chain to...

References