CVE-2024-4323
CRITICAL9.8EPSS 84.6%Fluent Bit Memory Corruption Vulnerability
發布日:2024/5/24修改日:2026/2/11
也稱為:BIT-fluent-bit-2024-4323
描述
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
受影響套件(1)
- Bitnami/fluent-bit>= 2.0.7, < 3.0.4
CVSS 分數
| 來源 | 版本 | 嚴重程度 | 向量 |
|---|---|---|---|
| osv | CVSS 3.1 | CRITICAL9.8 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
參考連結(6)
- WEBhttps://fluentbit.io/announcements/v3.0.4/
- WEBhttps://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/
- WEBhttps://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- WEBhttps://nvd.nist.gov/vuln/detail/CVE-2024-4323
- WEBhttps://tenable.com/security/research/tra-2024-17
- WEBhttps://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323