Critical Fluent Bit flaw impacts all major cloud providers
A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants.
Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS that is embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.
Until March 2024, Fluent Bit had been downloaded and deployed over 13 billion times, a massive increase from the three billion downloads reported in October 2022.
Fluent Bit is also used by cybersecurity firms like CrowdStrike and Trend Micro, and many tech companies, such as Cisco, VMware, Intel, Adobe, and Dell.
Tracked as CVE-2024-4323 and dubbed Linguistic Lumberjack by the Tenable security researchers who discovered it, this critical memory corruption vulnerability was introduced with version 2.0.7 and is caused by a heap buffer overflow weakness in the way Fluent Bit's embedded HTTP server parses trace requests.
Official releases containing this patch are expected to ship with Fluent Bit 3.0.4.
Related Vulnerability
DATE | CVE | VULNERABILITY TITLE | RISK |
---|---|---|---|
2024-05-20 | CVE-2024-4323 | A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. | 0.0 |