CVE-2024-4323

CRITICAL

Fluent Bit 2.0.7-3.0.3 - Heap-based Buffer Overflow in HTTP Server Trace Request Parsing

Title source: llm

Exploitation Summary

EIP tracks 3 public exploits for CVE-2024-4323. PoCs published by skilfoy, d0rb, yuansec.

AI-analyzed exploit summary The repository contains a functional Python script that exploits CVE-2024-4323, a memory corruption vulnerability in Fluent Bit's HTTP server. The PoC sends a crafted HTTP request with an oversized payload to trigger a buffer overflow, potentially leading to remote code execution.

Description

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Exploits (3)

nomisec WORKING POC 15 stars

by skilfoy · poc

https://github.com/skilfoy/CVE-2024-4323-Exploit-POC

View Code ZIP pw:eip

The repository contains a functional Python script that exploits CVE-2024-4323, a memory corruption vulnerability in Fluent Bit's HTTP server. The PoC sends a crafted HTTP request with an oversized payload to trigger a buffer overflow, potentially leading to remote code execution.

Classification

Working Poc 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Theoretical

Target: Fluent Bit versions 2.0.7 through 3.0.3

No auth needed

Prerequisites: Network access to the target Fluent Bit HTTP server · Target server must be running a vulnerable version of Fluent Bit

MITRE ATT&CK

T1190 - Exploit Public-Facing Application T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC 1 stars

by d0rb · poc

https://github.com/d0rb/CVE-2024-4323

View Code ZIP pw:eip

The repository contains a functional PoC for CVE-2024-4323, demonstrating a heap buffer overflow in Fluent Bit's HTTP server via a crafted POST request with an oversized payload. The README provides a detailed technical analysis of the vulnerability, including vulnerable code snippets and mitigation strategies.

Classification

Working Poc 95%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Fluent Bit HTTP server

No auth needed

Prerequisites: Network access to the Fluent Bit HTTP server

MITRE ATT&CK

T1203 - Exploitation for Client Execution

devstral-2 · analyzed Feb 18, 2026 Full analysis →

nomisec WORKING POC

by yuansec · poc

https://github.com/yuansec/CVE-2024-4323-dos_poc

View Code ZIP pw:eip

This repository contains a functional proof-of-concept exploit for CVE-2024-4323, which targets a memory corruption vulnerability in an unspecified API endpoint. The exploit sends a crafted JSON payload with an excessively long string to trigger a denial-of-service (DoS) condition.

Classification

Working Poc 90%

Attack Type

Dos

Complexity

Trivial

Reliability

Reliable

Target: Unknown (API endpoint /api/v1/traces/)

No auth needed

Prerequisites: Network access to the target API endpoint

MITRE ATT&CK

T1499 - Endpoint Denial of Service

devstral-2 · analyzed Feb 18, 2026 Full analysis →

References (3)

Core 3

Core References

Patch

https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04

View Patch ZIP pw:eip

Patch, Third Party Advisory

https://tenable.com/security/research/tra-2024-17

Exploit, Third Party Advisory

https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323

Scores

CVSS v3 9.8

EPSS 0.2831

EPSS Percentile 97.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable yes

Technical Impact total

Details

CWE

CWE-122 CWE-787

Status published

Products (1)

treasuredata/fluent_bit 2.0.7 - 2.2.3

Published May 20, 2024

Tracked Since Feb 18, 2026