CVE-2024-4323

See a problem?
Please try reporting it to the source first.
Source
https://nvd.nist.gov/vuln/detail/CVE-2024-4323
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2024-4323.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2024-4323
Aliases
Related
Published
2024-05-20T12:15:08Z
Modified
2024-10-12T11:29:29.049112Z
Summary
[none]
Details

A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

References

Affected packages

Git / github.com/fluent/fluent-bit

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluent-bit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
9311b43a258352797af40749ab31a63c32acfd04

Affected versions

0.*

0.13-dev-0.10
0.13-dev-0.11
0.13-dev-0.12
0.13-dev-0.13
0.13-dev-0.14
0.13-dev-0.15
0.13-dev-0.16
0.13-dev-0.17
0.13-dev-0.18
0.13-dev-0.4
0.13-dev-0.5
0.13-dev-0.6
0.13-dev-0.7
0.13-dev-0.8
0.13-dev-0.9

Other

ci-release-test
unstable
unstable-master

tiger-2.*

tiger-2.0.9-dev-20230104

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.13.0
v0.14.0
v0.3
v0.4
v0.5
v0.5.1
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.9.0

v1.*

v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.0-rc6
v1.7.0-rc7
v1.7.0-rc8
v1.7.0-rc9
v1.8.0
v1.8.0-rc1
v1.9.0
v1.9.0-ci-test-1
v1.9.0-rc1
v1.9.0-rc2
v1.9.0-rc3
v1.9.0-rc4
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6

v2.*

v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0pre
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.0-rc1
v2.1.0-rc2
v2.1.1
v2.1.10
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.5-windows-artifact-fix
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.1
v2.2.2

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3

vv.*

vv.2.0.7