Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)

Fluent Bit, a widespread logging and metrics utility, is vulnerable to a memory corruption flaw tracked as CVE-2024-4323. Successful exploitation of the vulnerability may lead to denial of service, information disclosure, or, in extreme cases, remote code execution. The vulnerability has a critical severity rating and a CVSS score of 9.8.

Fluent Bit is an open-source telemetry agent specifically designed to efficiently handle the challenges of collecting and processing telemetry data across various environments, from constrained systems to complex cloud infrastructures. Managing telemetry data from multiple sources and formats can be a constant challenge, mainly when performance is critical.

Vulnerability Details

The monitoring API of Fluent Bit allows administrators to query and monitor information internal to the service itself.

The endpoint/api/v1/traces and /api/v1/trace allow end-users to enable, disable, or retrieve information about configured traces. Irrespective of the traces configuration, a user with access to this API endpoint may query it.

While parsing the incoming requests for the “traces” API endpoint, types of input names are not properly validated before being parsed. An attacker could exploit this flaw by passing unexpected or invalid inputs to cause memory corruption and then use it to cause a denial-of-service attack further. In some specific conditions, it is also possible that the memory exploit could be used for remote code execution.

Affected Versions

Fluent Bit versions 2.0.7 through 3.0.3 are affected by this vulnerability.

Mitigation

Customers are advised to upgrade to Fluent Bit version 3.0.4 or later to patch the vulnerability.

For more information, please refer to the Fluent Bit Security Advisory.

Qualys Detection

Qualys customers can scan their devices with QIDs 379853 and 731560 to detect vulnerable assets.

Please continue to follow Qualys Threat Protection for more coverage of the latest vulnerabilities.

References
https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/
https://www.tenable.com/security/research/tra-2024-17

Leave a Reply

Your email address will not be published. Required fields are marked *