AZL-42162

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42162.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-42162

Upstream

CVE-2024-4323

Published

2024-05-20T12:15:08Z

Modified

2026-04-01T05:14:43.433666Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

CVE-2024-4323 affecting package fluent-bit for versions less than 2.2.3-1

Details

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

References

https://nvd.nist.gov/vuln/detail/CVE-2024-4323

Affected packages

Azure Linux:2 / fluent-bit

Package

Name: fluent-bit
Purl: pkg:rpm/azure-linux/fluent-bit

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

2.2.3-1

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-42162.json"