9.8
CVE-2024-4323
- EPSS 28.31%
- Veröffentlicht 20.05.2024 12:15:08
- Zuletzt bearbeitet 05.05.2025 17:03:14
- Quelle vulnreport@tenable.com
- CVE-Watchlists
- Unerledigt
Fluent Bit Memory Corruption Vulnerability
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Treasuredata ≫ Fluent Bit Version >= 2.0.7 < 2.2.3
Treasuredata ≫ Fluent Bit Version >= 3.0.0 < 3.0.4
VulnDex Vulnerability Enrichment
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
Login| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 28.31% | 0.979 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| nvd@nist.gov | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
| vulnreport@tenable.com | 9.8 | 3.9 | 5.9 |
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
|
CWE-122 Heap-based Buffer Overflow
A heap overflow condition is a buffer overflow, where the buffer that can be overwritten is allocated in the heap portion of memory, generally meaning that the buffer was allocated using a routine such as malloc().
CWE-787 Out-of-bounds Write
The product writes data past the end, or before the beginning, of the intended buffer.
https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
https://tenable.com/security/research/tra-2024-17
https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323