Vulnerability Description
An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c.
CVSS Score
HIGH
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Treasuredata | Fluent Bit | 3.1.9 |
Related Weaknesses (CWE)
References
- https://fluentbit.io/announcements/Product
- https://github.com/fluent/fluent-bit/releasesRelease Notes
- https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609ExploitThird Party Advisory
FAQ
What is CVE-2024-50608?
CVE-2024-50608 is a vulnerability with a CVSS score of 7.5 (HIGH). An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crash...
How severe is CVE-2024-50608?
CVE-2024-50608 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2024-50608?
Check the references section above for vendor advisories and patch information. Affected products include: Treasuredata Fluent Bit.