BIT-fluent-bit-2024-23722

See a problem?

Import Source

https://github.com/bitnami/vulndb/tree/main/data/fluent-bit/BIT-fluent-bit-2024-23722.json

JSON Data

https://api.test.osv.dev/v1/vulns/BIT-fluent-bit-2024-23722

Aliases

CVE-2024-23722

Published

2024-05-29T07:18:00.870Z

Modified

2024-08-07T07:58:01.019Z

Summary

[none]

Details

In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

Database specific

{
    "cpes": [
        "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
    ],
    "severity": "High"
}

References

https://github.com/fluent/fluent-bit/compare/v2.2.1...v2.2.2
https://medium.com/%40adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00

Affected packages

Bitnami / fluent-bit

Package

Name: fluent-bit
Purl: pkg:bitnami/fluent-bit

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Affected ranges

Type: SEMVER
Events: Introduced

2.1.8

Fixed

2.2.2