Vulnerability Details CVE-2024-4323
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.283
EPSS Ranking 97.9%
CVSS Severity
CVSS v3 Score 9.8
References
- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- https://tenable.com/security/research/tra-2024-17
- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- https://tenable.com/security/research/tra-2024-17
- https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323
Products affected by CVE-2024-4323
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.10
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.11
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.12
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.13
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.14
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.7
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.8
-
cpe:2.3:a:treasuredata:fluent_bit:2.0.9
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.0
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.1
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.10
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.2
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.3
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.4
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.5
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.6
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.7
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.8
-
cpe:2.3:a:treasuredata:fluent_bit:2.1.9
-
cpe:2.3:a:treasuredata:fluent_bit:2.2.0
-
cpe:2.3:a:treasuredata:fluent_bit:2.2.1
-
cpe:2.3:a:treasuredata:fluent_bit:2.2.2
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.0
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.1
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.2
-
cpe:2.3:a:treasuredata:fluent_bit:3.0.3