CVE-2024-4323

Published: May 20, 2024Modified: May 5, 2025

9.8

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Exploitability: 3.9 / Impact: 5.9

Source: NVD

Description

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Affected (2)

Products: Treasuredata: Fluent Bit

Treasuredata

1 product

Fluent Bit

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Treasuredata Fluent Bit	From 2.0.7 to 2.2.3
Treasuredata Fluent Bit	From 3.0.0 to 3.0.4

Related CWEs

CWE-122

Heap-based Buffer Overflow

A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().

CWE-787

Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

References (5)

https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

Source: vulnreport@tenable.com

Patch

https://tenable.com/security/research/tra-2024-17

Source: vulnreport@tenable.com

PatchThird Party Advisory

https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

https://tenable.com/security/research/tra-2024-17

Source: af854a3a-2127-422b-91ae-364da2661108

PatchThird Party Advisory

https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323

Source: af854a3a-2127-422b-91ae-364da2661108

ExploitThird Party Advisory

Timeline

No history available yet.