CVE-2024-23722

HIGH

Fluent Bit 2.1.8-2.2.1 - Denial of Service via Invalid HTTP Payload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2024-23722. PoCs published by alexcote1.

AI-analyzed exploit summary This repository contains a functional proof-of-concept exploit for CVE-2024-23722, a DoS vulnerability in Fluent Bit versions 2.1.8 through 2.2.1. The exploit sends repeated HTTP POST requests with minimal data to trigger a crash in the target server.

Description

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

Exploits (1)

nomisec WORKING POC 2 stars

by alexcote1 · poc

https://github.com/alexcote1/CVE-2024-23722-poc

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2024-23722, a DoS vulnerability in Fluent Bit versions 2.1.8 through 2.2.1. The exploit sends repeated HTTP POST requests with minimal data to trigger a crash in the target server.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Fluent Bit versions 2.1.8 through 2.2.1

No auth needed

Prerequisites: Network access to the target Fluent Bit server

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2

Core References

Patch

https://github.com/fluent/fluent-bit/compare/v2.2.1...v2.2.2

Exploit, Third Party Advisory

https://medium.com/%40adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00

Scores

CVSS v3 7.5

EPSS 0.0094

EPSS Percentile 56.5%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation poc

Automatable yes

Technical Impact partial

Details

CWE

CWE-476

Status published

Products (1)

treasuredata/fluent_bit 2.1.8 - 2.2.2

Published Mar 26, 2024

Tracked Since Feb 18, 2026