“Linguistic Lumberjack” Vulnerability Discovered in Popular Logging Utility Fluent Bit

May 21, 2024 | Newsroom | Cyber Attack / API Security

Cybersecurity researchers have discovered a critical security flaw in a popular logging and metrics utility called Fluent Bit that could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution.

The vulnerability, tracked as CVE-2024-4323, has been codenamed Linguistic Lumberjack by Tenable Research. It impacts versions from 2.0.7 through 3.0.3, with fixes available in version 3.0.4.

The issue relates to a case of memory corruption in Fluent Bit’s built-in HTTP server that could allow for DoS, information leakage, or remote code execution.

Specifically, it relates to sending maliciously crafted requests to the monitoring API through endpoints such as /api/v1/traces and /api/v1/trace.

“Regardless of whether or not any traces are configured, it is still possible for any user with access to this API endpoint to query it,” security researcher Jimi Sebree said.

“During the parsing of incoming requests for the /api/v1/traces endpoint, the data types of input names are not properly validated before being parsed.”

By default, the data types are assumed to be strings (i.e., MSGPACK_OBJECT_STR), which a threat actor could exploit by passing non-string values, leading to memory corruption.
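The missing type check described above, as an added example rather than Fluent Bit's or Tenable's code: a constructed C stand-in for a decoded MessagePack value (`obj`, `copy_input_names` and `NAME_MAX_LEN` are hypothetical names) that rejects a request when any input name is not a string, before its string fields are ever read.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Constructed stand-in for a decoded MessagePack value (not msgpack-c's real struct). */
typedef enum { OBJ_INT, OBJ_STR } obj_type;

typedef struct {
    obj_type type;
    union {
        int64_t i64;                                  /* valid when type == OBJ_INT */
        struct { const char *ptr; size_t len; } str;  /* valid when type == OBJ_STR */
    } via;
} obj;

#define NAME_MAX_LEN 64

/* Copy each input name into out[], refusing the whole request if any element
 * is not a string. Returns the number of names copied, or -1 on rejection.
 * Without the type check, reading via.str on an OBJ_INT element would
 * reinterpret the integer's bytes as string fields. */
int copy_input_names(const obj *items, size_t count,
                     char out[][NAME_MAX_LEN], size_t out_cap)
{
    if (count > out_cap)
        return -1;
    /* Validate every element first so a bad one never leaves partial state. */
    for (size_t i = 0; i < count; i++) {
        if (items[i].type != OBJ_STR)
            return -1;
        if (items[i].via.str.ptr == NULL || items[i].via.str.len >= NAME_MAX_LEN)
            return -1;
    }
    for (size_t i = 0; i < count; i++) {
        memcpy(out[i], items[i].via.str.ptr, items[i].via.str.len);
        out[i][items[i].via.str.len] = '\0';
    }
    return (int)count;
}

int main(void)
{
    /* Constructed request: the second element is an integer, not a name. */
    obj req[2] = { {OBJ_STR, {.str = {"cpu", 3}}}, {OBJ_INT, {.i64 = 7}} };
    char names[2][NAME_MAX_LEN];
    printf("result: %d\n", copy_input_names(req, 2, names, 2));
    return 0;
}
```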

Tenable said it was able to reliably exploit the issue to crash the service and cause a DoS condition. Remote code execution, on the other hand, is dependent on a variety of environmental factors such as host architecture and operating system.

Users are advised to update to the latest version to mitigate potential security threats, especially given that a proof-of-concept (PoC) exploit has been made available for the flaw.
