CVE-2024-4323

CRITICAL

Treasuredata Fluent Bit < 2.2.3 - Out-of-Bounds Write

Title source: rule

Description

A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. The issue lies in the embedded HTTP server's parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Exploits (3)

nomisec WORKING POC 15 stars
by skilfoy · poc
https://github.com/skilfoy/CVE-2024-4323-Exploit-POC
nomisec WORKING POC 1 star
by d0rb · poc
https://github.com/d0rb/CVE-2024-4323
nomisec WORKING POC
by yuansec · poc
https://github.com/yuansec/CVE-2024-4323-dos_poc

Scores

CVSS v3 9.8
EPSS 0.8464
EPSS Percentile 99.3%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Details

CWE
CWE-122 CWE-787
Status published
Products (1)
treasuredata/fluent_bit 2.0.7 - 2.2.3
Published May 20, 2024
Tracked Since Feb 18, 2026