CVE-2024-4323

Source
https://nvd.nist.gov/vuln/detail/CVE-2024-4323
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2024-4323.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2024-4323
Aliases
Related
Published
2024-05-20T12:15:08Z
Modified
2025-10-10T04:55:59.956781Z
Severity
  • 9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

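A memory corruption vulnerability exists in Fluent Bit versions 2.0.7 through 3.0.3. The issue lies in the embedded HTTP server’s parsing of trace requests and may result in denial-of-service conditions, information disclosure, or remote code execution. Note that the affected-range data on this page records no known introducing commit, so its version list also includes releases earlier than 2.0.7; that list is broader than the range stated in this description.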

References

Affected packages

Git / github.com/fluent/fluent-bit

Affected ranges

Type
GIT
Repo
https://github.com/fluent/fluent-bit
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

0.*

0.13-dev-0.10
0.13-dev-0.11
0.13-dev-0.12
0.13-dev-0.13
0.13-dev-0.14
0.13-dev-0.15
0.13-dev-0.16
0.13-dev-0.17
0.13-dev-0.18
0.13-dev-0.4
0.13-dev-0.5
0.13-dev-0.6
0.13-dev-0.7
0.13-dev-0.8
0.13-dev-0.9

Other

ci-release-test
unstable
unstable-master

tiger-2.*

tiger-2.0.9-dev-20230104

v0.*

v0.10.0
v0.11.0
v0.12.0
v0.12.1
v0.12.2
v0.12.3
v0.12.4
v0.13.0
v0.14.0
v0.3
v0.4
v0.5
v0.5.1
v0.6.0
v0.7.0
v0.8.0
v0.8.1
v0.8.2
v0.9.0

v1.*

v1.0.0
v1.1.0
v1.2.0
v1.3.0
v1.4.0
v1.5.0
v1.6.0
v1.7.0
v1.7.0-rc1
v1.7.0-rc2
v1.7.0-rc3
v1.7.0-rc4
v1.7.0-rc5
v1.7.0-rc6
v1.7.0-rc7
v1.7.0-rc8
v1.7.0-rc9
v1.8.0
v1.8.0-rc1
v1.9.0
v1.9.0-ci-test-1
v1.9.0-rc1
v1.9.0-rc2
v1.9.0-rc3
v1.9.0-rc4
v1.9.1
v1.9.2
v1.9.3
v1.9.4
v1.9.5
v1.9.6

v2.*

v2.0.0
v2.0.0-rc1
v2.0.0-rc2
v2.0.0-rc3
v2.0.0pre
v2.0.1
v2.0.2
v2.0.3
v2.0.4
v2.0.5
v2.0.6
v2.0.7
v2.0.8
v2.0.9
v2.1.0
v2.1.0-rc1
v2.1.0-rc2
v2.1.1
v2.1.10
v2.1.2
v2.1.3
v2.1.4
v2.1.5
v2.1.5-windows-artifact-fix
v2.1.6
v2.1.7
v2.1.8
v2.1.9
v2.2.0
v2.2.1
v2.2.2

v3.*

v3.0.0
v3.0.1
v3.0.2
v3.0.3

Database specific

{
    "vanir_signatures": [
        {
            "digest": {
                "length": 1156.0,
                "function_hash": "272626784187485721228493085098267007589"
            },
            "target": {
                "function": "cb_trace",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-02ed5d73",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 5217.0,
                "function_hash": "157596350579603252261227575734694719318"
            },
            "target": {
                "function": "http_enable_trace",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-37b7ae7a",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 327.0,
                "function_hash": "75894379966598938512764811442317395262"
            },
            "target": {
                "function": "get_input_name",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-5929f0ab",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "line_hashes": [
                    "47046608624615622930177560709771685183",
                    "194641360184381549425257590460275412624",
                    "139884794825310905016259135416697305108",
                    "259500596138843463956889177522445842001",
                    "212544121139552102114326896341584240878",
                    "89807658068120893713777582982550097285",
                    "255701873901292851349303118865917679059",
                    "214974171178222258745804463157511048703",
                    "318505923140777316671232446159451952029",
                    "328012078847777082200558433231647663402",
                    "130158565531463742840180450103211605880",
                    "304380984672542470647496279960345952638",
                    "11162089187090273160278838759207807758",
                    "217084503069780415936307773928215989103",
                    "201175295262600773813173737412549900010",
                    "137548858104729479689134188354165936565",
                    "158085958205959907888065980390168282758",
                    "189464436489942351530425554280295970072",
                    "239556472438457997462726065886191908708",
                    "237104460207105493085655552365734204178",
                    "200801584932330728417604805085894932532",
                    "253948720097561314037740017470008607511",
                    "11162089187090273160278838759207807758",
                    "217084503069780415936307773928215989103",
                    "201175295262600773813173737412549900010",
                    "339637297358943280840580069774741184883",
                    "319534742506890774108324023207427011251",
                    "31715014149438746442061200716659433280",
                    "41385165144944008382475574492787650576",
                    "236927645373633912444085018866649400681",
                    "93997769982331429750454687128700868331",
                    "195562031773861926540625716807189715455",
                    "286003337292140095574121078072623275619",
                    "47201206304304013727664042334670440038",
                    "166554900967514592638665057971685025387",
                    "147877903682601192464001938137077084492",
                    "157123850956384256537754323694458791411",
                    "98722805409814379168205282875020149506",
                    "295438387008667287918697399247717392911",
                    "69014319662444873454418269067805579211",
                    "94969509099197577276827177009055989350",
                    "89859734561869337880477310277774260407",
                    "336198681138619638454950674177036565143",
                    "159045090670532191289184345827376437880",
                    "85154665596710342000533565392784041493",
                    "109756137831908630532491802696414620291",
                    "296124136830531637403014372756517715650",
                    "339679979370778558763951806222713078824",
                    "144561451749652966955069698026284207647",
                    "84178660729250509384808791349556402258",
                    "258363253781993100948784875649469570702",
                    "254800271134249292752619604554489502035",
                    "235250276563318354949875902089269780807",
                    "91880653963852602430003160139711284310",
                    "330387167280480769499668045200812223273",
                    "110969624258966693146321924932984851323",
                    "172624108229272545037395742836164239675",
                    "69752797621977337714418704504686711076",
                    "232039862979231830511795061345312685177",
                    "43997800431592241543098176566031453073",
                    "190125238566626691271676580062691733851",
                    "37275667143719386877621892972351505969",
                    "285291903971696997215312164834987613837",
                    "263891256338310016811865851256341456159",
                    "194362470606250621102912069020801609551",
                    "337387372469894038438598776897687997699",
                    "309830703605112246369506448873159104222",
                    "66310672318589283080475911048684330712",
                    "113476599837053895164617289750369897741",
                    "51546366770461910727961412182312067218",
                    "230582677044218801528656075657205196639",
                    "7732437799265741441441035168332151678",
                    "94174095093584589953339983112398755819",
                    "191369144033324139732754239020702664660",
                    "156185763898869890272605771181068897004",
                    "188535950418228688550060820055725022483",
                    "268577081031947162417891265049943760268",
                    "78172458305287951866179267125232064461",
                    "79566189869947006974559824842381855257",
                    "59025686902802705420097249561743417981",
                    "288881277274735771740969332488843848325",
                    "202434522486075317790088818795348495935",
                    "107180964763156535218781284799635561798",
                    "315581659224298100615873119971190738557",
                    "19167120323741709912510591995968270897",
                    "8803933956032890972112994830394099119",
                    "519420474055128018949900758646604522",
                    "289248110916951358165673954370783137833",
                    "159466775068371773250096979731390288137",
                    "40389147375635404464084787747569441578",
                    "147729501703723911147017594767721714286",
                    "97709689646163416211852132741019736946",
                    "325275393076721686243301026205026072263",
                    "290271951455457797285887284953028711310",
                    "202789131652642593141497252193504063254",
                    "193014548532050196750015480243103482087",
                    "223138510530444181410357821587172194401",
                    "5955990018477702818635287613555649725",
                    "13574307171843975231603881651508341406",
                    "143571671013488789371284527364625656746",
                    "133436267529753048824350337972594541352",
                    "157871772994797515946149958125142427415",
                    "149256075122705302434740240738495102410",
                    "109433124075265748779901059635297959103",
                    "314927112225979184350355060519080156883",
                    "40448999705968829532261278410250802456",
                    "29370907038173827405846010916499123151",
                    "244445279872020366705029596505170965261",
                    "328744988552622782963966287191274900479",
                    "38412275335890724127506498749493144705",
                    "65719000732580337204485342478415791052",
                    "64205778572887471242282144128922965862",
                    "138540698308446144861460348170117626917",
                    "296528182964819796752943407094338996904",
                    "264948221882266745374199846147663506734",
                    "79457625843580228838240259509849671640",
                    "234024059455900047838018296136655889568",
                    "198288216892821609303898366006994584412",
                    "255432363753223466944575185367319344168",
                    "337712990092038361664422089719183393141",
                    "48726881615698946653403177503445329678",
                    "289892044918121837448525039344292576741",
                    "203796473433087176307551541006790420970",
                    "60754695814585890367460296672773032506",
                    "121617336528256774651360472104769266737",
                    "211163690698347118834645938529192051478",
                    "194343841476452131472961793001670008427",
                    "305091306301356172536903509962154573578",
                    "147526412396661275265846007915822975609",
                    "306545451543496878991858461348067467405",
                    "166238931191093620251217558812628415562",
                    "175760553499884985494704168642870302000",
                    "92360492543379451611580101360985805980",
                    "290622223550107963981969313684451436721",
                    "210745112071897953740208499165913407685",
                    "274461503015858253808725060350302503065",
                    "163724473258093370807676640542326735275",
                    "286878399053740428146270552888185772661",
                    "90030654690741945617079466253326409037",
                    "264271043287161303755683025900855350548",
                    "296528182964819796752943407094338996904",
                    "233457195778613519980724544557408286798",
                    "196806501448360919681657415684043269860",
                    "48124087796859676868757076866466676905",
                    "127507625278551482083247483224221370793",
                    "120011081582974144389466392920381956235",
                    "8533808312905785866750690974671835209",
                    "179694674508685599471543162034698848416",
                    "96202907331174297330596713143177120842",
                    "150738739715142681353648013057106366775",
                    "80053420925249205597070683516621229794",
                    "205509457712827820304406408277093226959",
                    "215478648176125256451230474097165972038",
                    "216755991111579906371641494256319037134",
                    "97753508533959769763046458998330069766",
                    "124704200780641130732054627563655713986",
                    "149714325815717873334024350389347706090",
                    "156378890527804003671910464687074991093",
                    "288329560242048236441135850224065116586",
                    "16483345803705666593261826122706092625",
                    "30980835004542563494099245364356582302",
                    "276212558497032540415445835006475078755",
                    "164527345964939031145885643434204122637",
                    "176982277022786852105199290628514364487",
                    "34064989757354703427395802429385322434",
                    "233688244505393182465241175428353845713",
                    "4721932228492105932752488701878567627",
                    "43239540967682342879871859227169024861",
                    "295781849911063718100606600312670813117",
                    "178074669007698793626216416162334710323",
                    "274325127904665201880172274861420677478",
                    "154245907719714981591425421348062465104",
                    "244445279872020366705029596505170965261",
                    "328744988552622782963966287191274900479",
                    "38412275335890724127506498749493144705",
                    "128231647643626309362162022065693143280",
                    "45379458972267997452310168604810973037",
                    "313529577992323475150121098776184459170",
                    "34064989757354703427395802429385322434",
                    "158100097222430901624430404409483384030",
                    "293291542278843414916411958861739253659",
                    "298662124243630585867665199604577120080",
                    "180691242551409031826370793544205981549",
                    "200897655787656002693640095551841556378",
                    "276805624749138280611208605669120588533",
                    "167975907993679709848019166617466632501",
                    "25243529537847721524458633433656832652",
                    "7157919728300882089916523879966494616",
                    "116838972296954516902582028941816267128",
                    "216755991111579906371641494256319037134",
                    "97753508533959769763046458998330069766",
                    "124704200780641130732054627563655713986",
                    "255991447382906296093781747894545378544",
                    "164009414697935565907366526071938634799",
                    "116174533921887787129786017670533258198",
                    "154755225031018449238551897416285054458",
                    "92865131157444505386578472053471665501",
                    "30487254956408539410692752303194712162"
                ],
                "threshold": 0.9
            },
            "target": {
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Line",
            "id": "CVE-2024-4323-6eeed3f5",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 225.0,
                "function_hash": "96486142319647533461477212212092941455"
            },
            "target": {
                "function": "disable_trace_input",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-7dc89f17",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 212.0,
                "function_hash": "239199025626625644702336705379322166774"
            },
            "target": {
                "function": "api_v1_trace",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-8e067266",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 315.0,
                "function_hash": "1822158778098667473846548956369868123"
            },
            "target": {
                "function": "enable_trace_input",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-989381d1",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 3946.0,
                "function_hash": "198754172405517529813049711397763012477"
            },
            "target": {
                "function": "cb_traces",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-9a523258",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 346.0,
                "function_hash": "86833322259138924759112331051909686928"
            },
            "target": {
                "function": "http_disable_trace",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-cb053204",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 2145.0,
                "function_hash": "331135442401279560968752716042953747189"
            },
            "target": {
                "function": "msgpack_params_enable_trace",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-f2052559",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        },
        {
            "digest": {
                "length": 363.0,
                "function_hash": "42766351579756181606570843205423000708"
            },
            "target": {
                "function": "find_input",
                "file": "src/http_server/api/v1/trace.c"
            },
            "signature_version": "v1",
            "signature_type": "Function",
            "id": "CVE-2024-4323-f40addd9",
            "source": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
            "deprecated": false
        }
    ]
}