2024-05-20
Fluent Bit Vulnerability
According to a report from Tenable, a memory corruption vulnerability in the Fluent Bit logging utility could be exploited to create denial-of-service conditions, allow information disclosure, and possibly allow remote code execution. Fluent Bit has been downloaded billions of times. The vulnerability affects versions 2.0.7 through 3.0.3 and has been fixed in Fluent Bit version 3.0.4.
Editor's Note
Ask any cloud service providers in use whether they use Fluent Bit, whether they are on the latest version, and whether they can assure you that use of an older version did not lead to compromise.

John Pescatore
If you're using Fluent Bit, make sure you've updated to 3.0.4. The harder question will be asking your cloud providers if they are and which version is in place. If you're referencing a provided SBOM, make sure that it is both current and that you're checking the Vulnerability-Exploitability eXchange (VEX) data for applicability of vulnerabilities.

Lee Neely
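As an added illustration of the SBOM/VEX check recommended above (example code written for this page, not code from SANS, Tenable or the Fluent Bit project), the script below scans a CycloneDX-style SBOM for Fluent Bit components, compares each version against the affected range 2.0.7 through 3.0.3 stated in the advisory, and then consults a VEX document for a supplier analysis state on CVE-2024-4323. The SBOM and VEX documents are constructed, simplified samples modelled on the CycloneDX JSON layout; the `bom-ref` values, component names and the helper names are assumptions for the example.

```python
import json
from typing import Optional

# Identifiers and version range as stated in the Tenable / NVD advisories.
CVE_ID = "CVE-2024-4323"
AFFECTED_MIN = (2, 0, 7)   # first affected release
AFFECTED_MAX = (3, 0, 3)   # last affected release
FIXED_VERSION = "3.0.4"

VERDICT_CLEAN = "outside affected range"
VERDICT_VEX_EXONERATED = ("in affected range; supplier VEX marks it not_affected/resolved: "
                          "verify the justification")
VERDICT_VULNERABLE = (f"in affected range with no VEX exoneration: treat as vulnerable, "
                      f"update to {FIXED_VERSION}")


def parse_version(text: str) -> tuple:
    """Turn '3.0.3', 'v2.2.0' or '3.0.4-rc1' into a comparable (major, minor, patch) tuple."""
    core = text.strip().lstrip("v").split("-")[0].split("+")[0]  # drop pre-release/build tags
    nums = [int(p) for p in core.split(".")[:3]]
    return tuple(nums + [0] * (3 - len(nums)))                   # pad short versions like '3.0'


def is_affected(version: str) -> bool:
    """True when the version lies inside the advisory's affected range (inclusive)."""
    return AFFECTED_MIN <= parse_version(version) <= AFFECTED_MAX


def find_fluent_bit(sbom: dict) -> list:
    """Return (bom-ref, version) for every Fluent Bit component listed in the SBOM."""
    hits = []
    for comp in sbom.get("components", []):
        name = comp.get("name", "").lower().replace("_", "-")
        if name == "fluent-bit":
            hits.append((comp.get("bom-ref", name), comp.get("version", "")))
    return hits


def vex_state(vex: dict, cve_id: str, ref: str) -> Optional[str]:
    """Look up the supplier's VEX analysis state for cve_id against a component ref."""
    for vuln in vex.get("vulnerabilities", []):
        if vuln.get("id") != cve_id:
            continue
        if any(a.get("ref") == ref for a in vuln.get("affects", [])):
            return vuln.get("analysis", {}).get("state")
    return None  # no VEX statement covers this component


def assess(sbom: dict, vex: dict) -> list:
    """Combine the version-range check with the VEX state into one verdict per component."""
    findings = []
    for ref, version in find_fluent_bit(sbom):
        affected = is_affected(version)
        state = vex_state(vex, CVE_ID, ref)
        if not affected:
            verdict = VERDICT_CLEAN
        elif state in ("not_affected", "resolved", "resolved_with_pedigree"):
            verdict = VERDICT_VEX_EXONERATED   # exonerated on paper; still read the justification
        else:
            verdict = VERDICT_VULNERABLE       # in range and nothing says otherwise
        findings.append({"ref": ref, "version": version, "vex_state": state, "verdict": verdict})
    return findings


def assess_files(sbom_path: str, vex_path: str) -> list:
    """Same check driven from on-disk CycloneDX JSON files."""
    with open(sbom_path) as f_sbom, open(vex_path) as f_vex:
        return assess(json.load(f_sbom), json.load(f_vex))


# Constructed sample documents (not real supplier data): three Fluent Bit builds and
# one unrelated component, with a VEX statement exonerating only the 3.0.2 build.
SAMPLE_SBOM = {
    "bomFormat": "CycloneDX",
    "components": [
        {"bom-ref": "pkg:generic/fluent-bit@2.2.0", "name": "fluent-bit", "version": "2.2.0"},
        {"bom-ref": "pkg:generic/fluent-bit@3.0.2", "name": "fluent-bit", "version": "3.0.2"},
        {"bom-ref": "pkg:generic/fluent-bit@3.0.4", "name": "fluent-bit", "version": "3.0.4"},
        {"bom-ref": "pkg:generic/nginx@1.25.4", "name": "nginx", "version": "1.25.4"},
    ],
}
SAMPLE_VEX = {
    "vulnerabilities": [
        {
            "id": CVE_ID,
            "affects": [{"ref": "pkg:generic/fluent-bit@3.0.2"}],
            "analysis": {"state": "not_affected", "justification": "code_not_reachable"},
        }
    ]
}

if __name__ == "__main__":
    for finding in assess(SAMPLE_SBOM, SAMPLE_VEX):
        print(f"{finding['ref']}: {finding['verdict']}")
```

Run against a supplier's real SBOM and VEX with `assess_files(...)`; the point of the third verdict is that a VEX "not_affected" entry only moves the question to whether the stated justification holds, which is exactly what the note above suggests asking the provider.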
This goes back to things like SBOM and Cloud Providers. If your cloud provider is using this and patches it, you will never technically know about it unless you have these libraries exposed to you. Then again, how do you know they fully patched it?

Moses Frost
Read more in
Tenable: Linguistic Lumberjack: Attacking Cloud Services via Logging Endpoints (Fluent Bit - CVE-2024-4323)
Tenable: Fluent Bit Memory Corruption Vulnerability
GitHub: fluent / fluent-bit | Merge pull request from GHSA-5rjf-prwh-pp7q
NVD: CVE-2024-4323 Detail
Dark Reading: Critical Bug Allows DoS, RCE, Data Leaks in All Major Cloud Platforms
Security Week: Vulnerability Found in Fluent Bit Utility Used by Major Cloud, Tech Companies
Bleeping Computer: Critical Fluent Bit flaw impacts all major cloud providers