CVE-2024-4323

Critical · Public PoC

Published: 20 May 2024

Modified: 05 May 2025
KEV Added
Patch
CVSS Score v3.1: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.8634 (99.4th percentile)
Risk Priority: 71 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-4323 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Treasuredata Fluent Bit. Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.6% of CVEs by exploit likelihood, it is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.

Deeper analysis

A memory corruption vulnerability affects Fluent Bit versions 2.0.7 through 3.0.3 in the embedded HTTP server’s parsing of trace requests. The flaw, tracked as CVE-2024-4323 with a CVSS score of 9.8, is associated with CWE-122 and CWE-787 and can produce denial-of-service conditions, information disclosure, or remote code execution.

An unauthenticated remote attacker can send specially crafted trace requests over the network to trigger the memory corruption. Because the attack requires no credentials or user interaction and carries low complexity, successful exploitation may allow arbitrary code execution, data leakage, or service disruption on the affected Fluent Bit instance.

Public references point to a fix committed in the Fluent Bit repository at commit 9311b43a258352797af40749ab31a63c32acfd04, and Tenable research note TRA-2024-17 provides additional technical details on the issue. The EPSS score stands at 0.8634 with an identical peak value, indicating sustained exploitation interest since disclosure.

Vulnerability details

A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. This issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.

Related Threats

MITRE ATT&CK Enterprise Techniques AI

T1190 · Exploit Public-Facing Application · Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1499.004 · Application or System Exploitation · Impact
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Why these techniques?

Memory corruption in the embedded HTTP server's parsing of trace requests enables remote exploitation of a public-facing application (T1190) for RCE or information disclosure, and application or system exploitation for DoS (T1499.004).

Affected Assets

treasuredata
fluent bit
2.0.7 — 2.2.3 · 3.0.0 — 3.0.4

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-787

Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.

References