CVE-2024-4323
Published: 20 May 2024
Summary
CVE-2024-4323 is a critical-severity Heap-based Buffer Overflow (CWE-122) vulnerability in Treasuredata Fluent Bit. Its CVSS base score is 9.8 (Critical).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 0.6% of CVEs by exploit likelihood. It is not currently listed in the CISA KEV catalog, and a public proof-of-concept is referenced.
Deeper analysis
A memory corruption vulnerability affects Fluent Bit versions 2.0.7 through 3.0.3 in the embedded HTTP server’s parsing of trace requests. The flaw, tracked as CVE-2024-4323 with a CVSS score of 9.8, is associated with CWE-122 and CWE-787 and can produce denial-of-service conditions, information disclosure, or remote code execution.
An unauthenticated remote attacker can send specially crafted trace requests over the network to trigger the memory corruption. Because the attack requires no credentials or user interaction and carries low complexity, successful exploitation may allow arbitrary code execution, data leakage, or service disruption on the affected Fluent Bit instance.
Public references point to a fix committed in the Fluent Bit repository at commit 9311b43a258352797af40749ab31a63c32acfd04, and Tenable research note TRA-2024-17 provides additional technical details on the issue. The EPSS score stands at 0.8634 with an identical peak value, indicating sustained exploitation interest since disclosure.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2024-43966
Vulnerability details
A memory corruption vulnerability in Fluent Bit versions 2.0.7 through 3.0.3. This issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise Techniques AI
Why these techniques?
Memory corruption in the embedded HTTP server's parsing of trace requests enables remote exploitation of a public-facing application (T1190) for RCE or information disclosure, and application or system exploitation for DoS (T1499.004).
Affected Assets
Mitigating Controls
Likely Mitigating Controls AI
Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.
Out-of-bounds writes that corrupt control flow or inject shellcode are rendered non-executable by the same memory protections.