Vulnerabilities > CVE-2024-4323 - Out-of-bounds Write vulnerability in Treasuredata Fluent BIT
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
HIGH Integrity impact
HIGH Availability impact
HIGH Summary
A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
Vulnerable Configurations
Common Weakness Enumeration (CWE)
Related news
References
- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04
- https://tenable.com/security/research/tra-2024-17
- https://tenable.com/security/research/tra-2024-17
- https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323