Notice of Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)
Fluent Bit is a powerful, flexible, and user-friendly tool for processing and forwarding logs. It can be used with applications and systems of all sizes and types, including Linux, Windows, embedded Linux, and macOS. Fluent Bit is a widely used logging tool among cloud providers and enterprises, with over 13 billion downloads and deployments to date.
Description

Type | CVE-ID | Severity | Discovered
---|---|---|---
Buffer overflow | CVE-2024-4323 | Critical | 2024-05-20
Impact
Fluent Bit versions 2.0.7 through 3.0.3 contain a heap buffer overflow in the embedded HTTP server's handling of trace requests. When parsing a request to the /api/v1/traces endpoint, the server does not verify that each element of the inputs array is a string before using it as input_name. A non-string element, such as an integer, is therefore interpreted as if it were a string pointer and length, which corrupts heap memory. An attacker who can reach the HTTP server can use this to crash the process (denial of service), read process memory (information leakage), or potentially execute code remotely. The endpoint is only reachable while the embedded HTTP server is enabled (HTTP_Server On), which is why turning it off is an effective interim mitigation.
CCE clusters that have the Cloud Native Logging add-on version 1.3.4 to 1.5.1 installed are vulnerable to this issue.
Identification Method
- In the CCE console, go to Add-ons and check whether the Cloud Native Logging add-on is installed and which version is running.
Figure 1 Viewing the installed add-on version
- If the add-on version is between 1.3.4 and 1.5.1 (inclusive), the cluster is affected.
Mitigation
Cloud Native Logging 1.5.2 on CCE fixes this vulnerability. Upgrade the add-on to 1.5.2 or later. Until you can upgrade, it is recommended that you disable the add-on's metric reporting API (the embedded Fluent Bit HTTP server) to remove the attack surface:
- Run the following command on a node where kubectl is configured for the target cluster:
kubectl edit cm -n monitoring log-agent-fluent-bit-config-service
- In the [SERVICE] section, change HTTP_Server On to HTTP_Server Off and save the change.
- Restart the log-agent-log-operator component in the monitoring namespace so that the new configuration takes effect.
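The identification and mitigation steps above, as an added example script (this is not code from the CCE add-on, the Cloud Native Logging operator, or Fluent Bit). It implements the version check for the affected range 1.3.4 to 1.5.1 and applies the HTTP_Server On to Off edit to a Fluent Bit [SERVICE] section so the change can be verified before it is written back with kubectl edit. The sample configuration is constructed for the example and is not the real contents of the log-agent-fluent-bit-config-service ConfigMap; the function names are this example's own.

```shell
#!/bin/sh
# Added example for this advisory (not code from the CCE add-on or Fluent Bit).
# 1. is_affected_version: is an add-on version inside the affected range
#    1.3.4 <= v <= 1.5.1?
# 2. disable_http_server: the mitigation edit (HTTP_Server On -> Off) applied
#    to a Fluent Bit [SERVICE] section, checkable before running kubectl edit.

# Map "1.5.1" to 1005001 so versions compare as plain integers.
# Assumes each component is below 1000; a missing component counts as 0.
version_key() {
    v=${1#v}                       # tolerate a leading "v" (e.g. v1.5.1)
    IFS=. read -r major minor patch <<EOF
$v
EOF
    echo $(( ${major:-0} * 1000000 + ${minor:-0} * 1000 + ${patch:-0} ))
}

# Exit status 0 when the version is in the affected range, 1 otherwise.
is_affected_version() {
    k=$(version_key "$1")
    [ "$k" -ge "$(version_key 1.3.4)" ] && [ "$k" -le "$(version_key 1.5.1)" ]
}

# Print "on" or "off" for the HTTP_Server key of a Fluent Bit config on stdin.
# Fluent Bit treats keys case-insensitively and defaults HTTP_Server to Off.
http_server_state() {
    awk 'tolower($1) == "http_server" { state = tolower($2) }
         END { print (state == "" ? "off" : state) }'
}

# Rewrite "HTTP_Server On" to "HTTP_Server Off"; every other line is unchanged.
disable_http_server() {
    awk '{
        if (tolower($1) == "http_server" && tolower($2) == "on")
            sub(/[Oo][Nn][ \t]*$/, "Off")
        print
    }'
}

# Constructed sample resembling a classic-format Fluent Bit config (not the
# real contents of the log-agent-fluent-bit-config-service ConfigMap).
SAMPLE_CONFIG='[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020

[INPUT]
    Name  tail
    Path  /var/log/containers/*.log
'

# Stand-alone demo: classify a few versions, then show the hardened config.
for v in 1.3.3 1.3.4 1.5.1 1.5.2; do
    if is_affected_version "$v"; then echo "$v: affected"; else echo "$v: not affected"; fi
done
printf '%s' "$SAMPLE_CONFIG" | disable_http_server
```

In a cluster, the same functions can be fed the live data instead of the sample: pass the add-on version shown in the console to is_affected_version, and pipe the output of `kubectl get cm -n monitoring log-agent-fluent-bit-config-service -o yaml` through http_server_state to confirm the server is off after the edit and the operator restart. The awk matching is case-insensitive because Fluent Bit accepts http_server and HTTP_Server alike, so a check that only looks for the mixed-case spelling could miss an enabled server.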