Fluent Bit vulnerability threatens almost all popular cloud platforms

The tool is extremely popular, with its website claiming it was downloaded at least 10 billion times. Apparently, many cybersecurity and tech companies also use it as part of their tech stack.

Difficult to exploit

As of version 2.0.7, Fluent Bit was found to be vulnerable to heap buffer overflow, which resulted in critical memory corruption. The researchers dubbed it Linguistic Lumberjack. It is tracked as CVE-2024-4323, but apparently exploiting it is not as straightforward.

"While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive," Tenable said. "The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished."

Tenable notified Fluent Bit’s maintainers on April 30, with fixes being committed to the main branch roughly two weeks later, on May 15. Users can expect Fluent Bit version 3.0.4 to be protected from this vulnerability, and should apply the patch as soon as possible. 

Those who are unable to immediately patch their endpoints should mitigate the issue by limiting access to Fluent Bit's monitoring API to authorized users and services. Even less risky mitigation would include completely disabling the vulnerable API.

“While these utilities are known to contain lots of juicy information for attackers, it’s important to realize that information leakage isn’t the only thing to be concerned with,” Tenable concluded. “It’s essential for organizations to update these utilities regularly, adopt adequate defense-in-depth measures, and utilize the principle of least privilege to ensure these tools cannot be misused by attackers.”

Via BleepingComputer

More from TechRadar Pro

• The US State Department told Microsoft that emails in its cloud were hacked last month
• Here's a list of the best firewalls today
• These are the best endpoint protection tools right now