Updated on 2024-08-17 GMT+08:00

Notice of Fluent Bit Memory Corruption Vulnerability (CVE-2024-4323)

Fluent Bit is a powerful, flexible, and user-friendly tool for processing and forwarding logs. It can be used with applications and systems of all sizes and types, including Linux, Windows, embedded Linux, and macOS. Fluent Bit is a widely used logging tool among cloud providers and enterprises, with over 13 billion downloads and deployments to date.

Description

Table 1 Vulnerability details

| Type | CVE-ID | Severity | Discovered |
| --- | --- | --- | --- |
| Buffer overflow | CVE-2024-4323 | Critical | 2024-05-20 |

Impact

Fluent Bit versions 2.0.7 to 3.0.3 have a heap buffer overflow vulnerability in the embedded HTTP server's parsing of trace requests. When parsing incoming requests for the /api/v1/traces endpoint, the server does not correctly verify the data type of input_name. As a result, non-string values, including integer values, can be passed in the inputs array of a request, which can lead to memory corruption. Attackers can exploit this vulnerability to cause a denial of service, information leakage, or remote code execution.

CCE clusters that have the Cloud Native Logging add-on version 1.3.4 to 1.5.1 installed are vulnerable to this issue.

Identification Method

  1. Go to Add-ons and check whether the Cloud Native Logging add-on is installed and, if so, which version.
    Figure 1 Viewing the installed add-on version
  2. If the add-on version is in the range 1.3.4 to 1.5.1, the vulnerability exists.

Mitigation

Cloud Native Logging 1.5.2 on CCE has addressed this vulnerability. To minimize the impact of the vulnerability until the add-on is upgraded, it is recommended that you disable the metric reporting API.

  1. Run the following command on the target node:
    kubectl edit cm -n monitoring log-agent-fluent-bit-config-service
  2. Change HTTP_Server On to HTTP_Server Off and save the change.

  3. Restart the log-agent-log-operator component in the monitoring namespace.
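
To confirm the mitigation took effect, the two conditions in this notice (add-on version in the affected range, HTTP_Server still On) can be checked in a script. The following is an added example, not part of the original notice or vendor code; the function names and the sample config are constructed for illustration, and an absent HTTP_Server key is assumed to mean the server is off (Fluent Bit's default).

```shell
#!/bin/sh
# Added example (not vendor code): audit the two conditions in this notice.

# Exit 0 if add-on version $1 (X.Y.Z) is in the affected range 1.3.4..1.5.1,
# 1 if outside it, 2 if the version string cannot be parsed.
addon_is_vulnerable() {
  awk -v v="$1" 'BEGIN {
    if (v !~ /^[0-9]+\.[0-9]+\.[0-9]+$/) exit 2
    split(v, p, ".")
    key = p[1] * 1000000 + p[2] * 1000 + p[3]
    exit !(key >= 1003004 && key <= 1005001)
  }'
}

# Read Fluent Bit classic-format config on stdin (plain, or embedded in
# ConfigMap YAML) and print the [SERVICE] HTTP_Server value in lowercase,
# or "unset" if the key is absent.
http_server_state() {
  awk '
    $1 ~ /^#/       { next }
    $1 ~ /^\[.*\]$/ { section = toupper($1); next }
    section == "[SERVICE]" && tolower($1) == "http_server" { state = tolower($2) }
    END { print (state == "" ? "unset" : state) }
  '
}

# $1 = add-on version, stdin = config text.
# Prints exposed | mitigated | not-affected | unknown-version.
# Any value other than off/false/no/unset is conservatively treated as enabled.
assess() {
  state=$(http_server_state)
  addon_is_vulnerable "$1" && rc=0 || rc=$?
  case "$rc" in
    1) echo not-affected ;;
    0) case "$state" in
         off|false|no|unset) echo mitigated ;;
         *) echo exposed ;;
       esac ;;
    *) echo unknown-version ;;
  esac
}

# Constructed sample config, for demonstration only.
SAMPLE_CONF='[SERVICE]
    Flush        5
    HTTP_Server  On
    HTTP_Port    2020
[INPUT]
    Name         tail'
printf '%s\n' "$SAMPLE_CONF" | assess 1.5.1    # prints: exposed
```

Against a live cluster, pipe the output of kubectl get cm -n monitoring log-agent-fluent-bit-config-service -o yaml into assess together with the add-on version shown on the Add-ons page.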