ГлавнаяУязвимости → CVE-2024-4323
9.8критическая

CVE-2024-4323

Описание

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Затрагиваемое ПО
Treasuredata Fluent bit
CVSS
Балл9.8 — критическая
ВекторCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Источники
https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04https://tenable.com/security/research/tra-2024-17https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04https://tenable.com/security/research/tra-2024-17https://www.vicarius.io/vsociety/posts/linguistic-lumberjack-memory-corruption-in-fluent-bit-cve-2024-4323