AZL-37083

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37083.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-37083

Upstream

CVE-2024-23722

Published

2024-03-26T15:15:49Z

Modified

2026-04-01T05:12:25.453794Z

Summary

CVE-2024-23722 affecting package fluent-bit for versions less than 2.2.2-1

Details

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-23722

Affected packages

Azure Linux:2 / fluent-bit

Package

Name: fluent-bit
Purl: pkg:rpm/azure-linux/fluent-bit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.2-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-37083.json"