Lucene search

[email protected]NVD:CVE-2024-4323

HistoryMay 20, 2024 - 12:15 p.m.

CVE-2024-4323

2024-05-2012:15:08

CWE-122

[email protected]

web.nvd.nist.gov

fluent bit

memory corruption

http server

denial of service

information disclosure

remote code execution

cve-2024-4323

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

References

github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

tenable.com/security/research/tra-2024-17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.9 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for NVD:CVE-2024-4323

cvelist1 cbl_mariner1 githubexploit2 wolfi1 hackread1 osv2 cve1 thn1 nessus1 vulnrichment1