Lucene search

GoogleOSV:BIT-FLUENT-BIT-2024-4323

HistoryMay 24, 2024 - 7:17 a.m.

BIT-fluent-bit-2024-4323

2024-05-2407:17:42

Google

osv.dev

fluent bit

memory corruption

http server

denial of service

information disclosure

remote code execution

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

CPENameOperatorVersion
fluent-bitlt3.0.4
fluent-bitge2.0.7

CPE	Name	Operator	Version
	fluent-bit	lt	3.0.4
	fluent-bit	ge	2.0.7

References

github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

tenable.com/security/research/tra-2024-17

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

7.5 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

9.0%

JSON

Related for OSV:BIT-FLUENT-BIT-2024-4323