PT-2024-3641 · Unknown · Fluent-Bit
Akos Jakab +1
Published 2024-04-29 · Updated 2025-02-13
CVE-2024-4323
CVSS v2.0: 10 (Critical)
| Vector | AV:N/AC:L/Au:N/C:C/I:C/A:C |
Name of the Vulnerable Software and Affected Versions
Fluent Bit versions 2.0.7 through 3.0.3
Description
A memory corruption vulnerability in Fluent Bit's embedded HTTP server allows an unauthenticated attacker to potentially execute arbitrary code, cause a denial of service, or disclose sensitive information. The flaw stems from a heap-based buffer overflow when parsing trace requests. With over 13 billion downloads, Fluent Bit is widely used in major cloud platforms and by tech giants, which makes this vulnerability particularly concerning. While building a reliable remote code execution exploit may be challenging, a denial-of-service proof of concept is already publicly available.
Recommendations
For Fluent Bit versions 2.0.7 through 3.0.3, upgrade to version 3.0.4 or later to mitigate the vulnerability. As a temporary workaround, restrict access to the /api/v1/traces endpoint or disable it altogether. Limiting access to the vulnerable endpoint to authorized users and services also reduces exposure until the patch is applied.
Exploit
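One way to triage a fleet against this advisory, as an added example that is not code from the advisory or from the Fluent Bit project: it checks the version against the affected range stated above and reads the `[SERVICE]` keys `http_server`, `http_listen` and `http_port` from a classic-format fluent-bit.conf (the defaults assumed here, Off / 0.0.0.0 / 2020, are taken from the project's documentation) to report whether the trace endpoint is actually reachable. The sample configuration is constructed.

```python
import re
# Affected range stated in the advisory: 2.0.7 through 3.0.3 (3.0.4 carries the fix).
AFFECTED_MIN, AFFECTED_MAX = (2, 0, 7), (3, 0, 3)
# Constructed sample of a classic-format fluent-bit.conf with the HTTP server exposed.
SAMPLE_CONF = """\
[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020
[INPUT]
    Name         cpu
"""
def parse_version(text):
    """Turn '3.0.3' or 'v3.0.3' into a comparable (major, minor, patch) tuple."""
    m = re.search(r"(\d+)\.(\d+)\.(\d+)", text)
    if not m:
        raise ValueError(f"no x.y.z version in {text!r}")
    return tuple(int(x) for x in m.groups())

def is_affected(version):
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX

def service_section(conf_text):
    """Collect keys of the [SERVICE] block; Fluent Bit keys are case-insensitive."""
    keys, in_service = {}, False
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("["):
            in_service = line.upper() == "[SERVICE]"
            continue
        if in_service:
            parts = line.split(None, 1)
            keys[parts[0].lower()] = parts[1] if len(parts) > 1 else ""
    return keys

def assess(version, conf_text):
    """Rate whether /api/v1/traces of this deployment is both vulnerable and reachable."""
    if not is_affected(version):
        return "patched"
    svc = service_section(conf_text)
    # Assumed Fluent Bit defaults: http_server Off, http_listen 0.0.0.0, http_port 2020.
    if svc.get("http_server", "off").lower() not in ("on", "true"):
        return "affected-but-unreachable"   # HTTP server off: endpoint is not served
    listen, port = svc.get("http_listen", "0.0.0.0"), svc.get("http_port", "2020")
    if listen in ("127.0.0.1", "::1", "localhost"):
        return "affected-local-only"         # still patch: any local process can reach it
    return f"affected-exposed:{listen}:{port}"
```

Run `assess()` over each host's reported version and config to prioritise the upgrade; the workaround states only narrow the exposure, they do not change the affected status.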
Fix
DoS
RCE
Memory Corruption
Heap Based Buffer Overflow
Related Identifiers
Affected Products
Fluent-Bit