CVE-2024-4323: A Critical Vulnerability in Widely Used Logging Tool
Tenable experts have identified a critical vulnerability in Fluent Bit, which could lead to DoS attacks and remote code execution. This flaw affects all major cloud providers, including Amazon AWS, Google GCP, and Microsoft Azure, as well as numerous IT giants.
Fluent Bit is a popular logging and monitoring solution for Windows, Linux, and macOS, integrated into the primary Kubernetes distributions. As of March 2024, Fluent Bit had been downloaded and installed over 13 billion times. This technology is utilized in cybersecurity by companies such as CrowdStrike, Trend Micro, Cisco, VMware, Intel, Adobe, and Dell.
The memory corruption vulnerability CVE-2024-4323 (CVSS 3.1 score: 9.8) was discovered by Tenable researchers, who named it Linguistic Lumberjack. The flaw is caused by a heap overflow in the built-in HTTP server of Fluent Bit when handling trace requests and first appeared in version 2.0.7.
An unauthenticated attacker can easily exploit this vulnerability to cause a denial of service (DoS) or exfiltrate sensitive information. However, under certain conditions and given sufficient time, a hacker could achieve remote code execution (RCE).
Tenable stated that creating a reliable exploit for the heap overflow vulnerability is not only challenging but also time-consuming. The main risks are associated with the ease of executing DoS attacks and information leaks.
Tenable reported the issue to developers on April 30, and fixes were committed to the main branch of Fluent Bit on May 15. Version 3.0.4 has been released to fix this flaw. Additionally, on May 15, Tenable notified Microsoft, Amazon, and Google of the critical vulnerability through their vulnerability disclosure platforms.
Users who have deployed Fluent Bit in their infrastructure can mitigate the issue by restricting access to the Fluent Bit monitoring API to authorized users and services. Disabling the vulnerable API, if not in use, can also help block potential attacks and reduce the attack surface.
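One way to check a Fluent Bit configuration for the exposure the mitigation above describes, as an added example that is not from the article or the Fluent Bit project; it assumes the standard HTTP_Server, HTTP_Listen and HTTP_Port keys of the [SERVICE] section, and the sample configs are constructed:

```python
"""Audit a Fluent Bit classic-format config for an exposed monitoring API.

Added example, not part of the article or of the Fluent Bit project. It
assumes the documented [SERVICE] keys HTTP_Server, HTTP_Listen and HTTP_Port;
the sample configs below are constructed for illustration.
"""
from typing import Dict

LOOPBACK = {"127.0.0.1", "::1", "localhost"}

def parse_service(conf: str) -> Dict[str, str]:
    """Return [SERVICE] key/value pairs (keys lower-cased). Classic format:
    bracketed section headers, whitespace-separated pairs, '#' comment lines."""
    service: Dict[str, str] = {}
    in_service = False
    for raw in conf.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_service = line[1:-1].strip().upper() == "SERVICE"
            continue
        if in_service:
            parts = line.split(None, 1)
            if len(parts) == 2:
                service[parts[0].lower()] = parts[1].strip()
    return service

def audit_http_server(conf: str) -> str:
    """Classify the built-in HTTP server as 'disabled', 'local' or 'exposed'."""
    svc = parse_service(conf)
    if svc.get("http_server", "off").lower() not in ("on", "true"):
        return "disabled"  # API off: the vulnerable code path is unreachable
    # When HTTP_Listen is omitted, Fluent Bit binds to every interface.
    listen = svc.get("http_listen", "0.0.0.0").lower()
    return "local" if listen in LOOPBACK else "exposed"

# Constructed samples: the API published on all interfaces (HTTP_Listen
# left at its default) versus the same API bound to loopback only.
EXPOSED_CONF = "[SERVICE]\n    HTTP_Server  On\n    HTTP_Port    2020\n"
HARDENED_CONF = (
    "[SERVICE]\n    HTTP_Server  On\n"
    "    HTTP_Listen  127.0.0.1\n    HTTP_Port    2020\n"
)
DISABLED_CONF = "[SERVICE]\n    HTTP_Server  Off\n"

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF),
                       ("disabled", DISABLED_CONF)):
        print(f"{name}: {audit_http_server(conf)}")
```

Binding to loopback keeps local metrics collection working while removing network reachability of the API; disabling it entirely is the stronger option where it is not used.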