BIT-fluent-bit-2024-4323

See a problem?
Import Source
https://github.com/bitnami/vulndb/tree/main/data/fluent-bit/BIT-fluent-bit-2024-4323.json
JSON Data
https://api.test.osv.dev/v1/vulns/BIT-fluent-bit-2024-4323
Aliases
Published
2024-05-24T07:17:42.946Z
Modified
2024-11-27T19:40:48.342Z
Summary
[none]
Details

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Database specific 
{
    "cpes": [
        "cpe:2.3:a:treasuredata:fluent_bit:*:*:*:*:*:*:*:*"
    ],
    "severity": "Critical"
}
References

Affected packages

Bitnami / fluent-bit

Package

Name
fluent-bit
Purl
pkg:bitnami/fluent-bit

Severity

  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Affected ranges

Type
SEMVER
Events
Introduced
2.0.7
Fixed
3.0.4