CVE-2024-4323

CVSS V2 None CVSS V3 None

Description

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Overview

CVE ID
CVE-2024-4323

Assigner
tenable

Vulnerability Status
PUBLISHED

Published Version
2024-05-20T12:06:21.696Z

Last Modified Date
2024-06-04T17:54:53.868Z

Weakness Enumerations

CWE	URL
CWE-122	http://cwe.mitre.org/data/definitions/122.html

References

Reference URL	Reference Tags
https://tenable.com/security/research/tra-2024-17
https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

Sources

Source Name	Source URL
NIST	https://nvd.nist.gov/vuln/detail/CVE-2024-4323
MITRE	https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-4323

History

Created	Old Value	New Value	Data Type	Notes
2024-06-23 22:31:28				Added to TrackCVE