A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. The issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial-of-service conditions, information disclosure, or remote code execution.
Critical Fluent Bit flaw impacts all major cloud providers
By Sergiu Gatlan, May 20, 2024 05:12 PM
A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants. Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure. Until March 2024, ...
Crashes galore, plus especially crafty crims could use it for much worse
Infosec researchers are alerting the industry to a critical vulnerability in Fluent Bit – a logging component used by a swathe of blue chip companies and all three major cloud providers. Experts at Tenable discovered the flaw (CVE-2024-4323), which can lead to denial of service (DoS) and information leakage, and under the right conditions remote code execution (RCE). Fluent Bit is an open source logging component with more than 13 million Docker downloads as of March. It's used by the likes of...