Tenable Research has discovered a critical memory corruption vulnerability in Fluent Bit's built-in HTTP server that could potentially result in denial of service (DoS), information leakage, or remote code execution (RCE). The issue was reported to the project's maintainers on April 30, 2024. Fixes were committed to the project's main branch on May 15 and are expected in the release of version 3.0.4. The issue has been assigned CVE-2024-4323.
Fluent Bit is a lightweight, open-source data collector and processor that can handle large volumes of log data from various sources. It was designed to be highly scalable and easy to use, making it an ideal choice for collecting and processing logs in cloud-based environments. The project boasts upwards of 3 billion downloads as of 2022 and continues to see more than 10 million deployments each day. It is used heavily in almost every major cloud provider's infrastructure.
“Nearly every large cloud provider uses this utility, which is known to contain lots of juicy information for attackers. It's important to realise that information leakage, denial of service and remote code execution are all possible outcomes if the latest version is not being used. Organisations should update these utilities regularly, adopt adequate defence-in-depth measures, and utilise the principle of least privilege to ensure these tools cannot be misused by attackers,” said Jimi Sebree, Staff Research Engineer, Tenable.
More information can be found in this blog: Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit – CVE-2024-4323)