Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution.
The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through 3.0.3, with fixes available in version 3.0.4.
The issue relates to a case of memory corruption in Fluent Bit’s built-in HTTP server that could allow for DoS, information leakage, or remote code execution.
Specifically, it relates to sending maliciously crafted requests to the monitoring API through endpoints such as /api/v1/traces and /api/v1/trace.
“Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it,” security researcher Jimi Sebree said.
“During the parsing of incoming requests for the /api/v1/traces endpoint, the data types of input names are not properly validated before being parsed.”
By default, the data types are assumed to be strings (i.e., MSGPACK_OBJECT_STR), which a threat actor could exploit by passing non-string values, leading to memory corruption.
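The bug class described above, as an added C example that is not Fluent Bit's code or Tenable's: a tagged value is used as a string without checking its type tag, next to the form that checks first. The `value` type, the `VAL_*` tags, both function names and the sample inputs are hypothetical and constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Hypothetical tagged value, loosely modelled on a MessagePack object:
 * the tag says which union member is valid. Not Fluent Bit's types. */
typedef enum { VAL_INT, VAL_STR } val_type;
typedef struct {
    val_type type;
    union {
        int64_t i64;
        struct { const char *ptr; size_t len; } str;
    } via;
} value;

/* Unchecked pattern: assumes every element is a string. For a VAL_INT
 * element the str member overlays the integer's bytes, so the pointer
 * and length read here do not describe a real string. Shown for
 * contrast only; it is never called in this example. */
int copy_name_unchecked(const value *v, char *out, size_t cap)
{
    if (v->via.str.len >= cap) return -1;
    memcpy(out, v->via.str.ptr, v->via.str.len);
    out[v->via.str.len] = '\0';
    return 0;
}

/* Checked pattern: verify the tag before touching the string member,
 * then bound the copy. Returns 0 on success, -1 if rejected. */
int copy_name_checked(const value *v, char *out, size_t cap)
{
    if (v == NULL || v->type != VAL_STR) return -1;  /* wrong type */
    if (v->via.str.ptr == NULL || v->via.str.len >= cap) return -1;
    memcpy(out, v->via.str.ptr, v->via.str.len);
    out[v->via.str.len] = '\0';
    return 0;
}

int main(void)
{
    /* Constructed sample inputs: one string name, one integer. */
    value name = { .type = VAL_STR, .via.str = { "dummy.0", 7 } };
    value num  = { .type = VAL_INT, .via.i64 = 1234 };
    char buf[32];
    printf("string:  %d\n", copy_name_checked(&name, buf, sizeof buf));
    printf("integer: %d\n", copy_name_checked(&num, buf, sizeof buf));
    return 0;
}
```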
Tenable said it was able to reliably exploit the issue to crash the service and cause a DoS condition. Remote code execution, on the other hand, is dependent on a variety of environmental factors such as host architecture and operating system.
Users are recommended to update to the latest version to mitigate potential security threats, especially given that a proof-of-concept (PoC) exploit has been made available for the flaw.
Some parts of this article are sourced from:
thehackernews.com