CVE-2024-4323
CRITICAL 9.8
EPSS 84.6%
Fluent Bit Memory Corruption Vulnerability
Published: 5/24/2024
Modified: 2/11/2026
Also known as: BIT-fluent-bit-2024-4323
Description
A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. The issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial-of-service conditions, information disclosure, or remote code execution.
Affected packages (1)
- Bitnami/fluent-bit: >= 2.0.7, < 3.0.4
CVSS scores
| Source | Version | Severity | Vector |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL 9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
References (6)
- WEB: https://fluentbit.io/announcements/v3.0.4/
- WEB: https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/
- WEB: https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- WEB: https://nvd.nist.gov/vuln/detail/CVE-2024-4323
- WEB: https://tenable.com/security/research/tra-2024-17
- WEB: https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323