Vulnerability Details CVE-2024-4323
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.791
EPSS Ranking 99.0%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- https://tenable.com/security/research/tra-2024-17
- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- https://tenable.com/security/research/tra-2024-17
- https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323
Products affected by CVE-2024-4323
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.10
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.11
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.12
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.13
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.14
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.7
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.8
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.9
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.0
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.1
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.10
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.2
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.3
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.4
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.5
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.6
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.7
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.8
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.9
-
cpe:2.3:a:treasuredata:fluent_bit:2.2.0
-
cpe:2.3:a:treasuredata:fluent_bit:2.2.1
-
cpe:2.3:a:treasuredata:fluent_bit:2.2.2
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.0
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.1
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.2
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.3