Critical Fluent Bit flaw impacts all major cloud providers
A critical Fluent Bit vulnerability that can be exploited in denial-of-service and remote code execution attacks impacts all major cloud providers and many technology giants.
Fluent Bit is an extremely popular logging and metrics solution for Windows, Linux, and macOS embedded in major Kubernetes distributions, including those from Amazon AWS, Google GCP, and Microsoft Azure.
Until March 2024, Fluent Bit was downloaded and deployed over 13 billion times, a massive increase from the three billion downloads reported in October 2022.
Fluent Bit is also used by cybersecurity firms like CrowdStrike and Trend Micro, and by many tech companies, such as Cisco, VMware, Intel, Adobe, and Dell.
Tracked as CVE-2024-4323 and dubbed Linguistic Lumberjack by the Tenable security researchers who discovered it, this critical memory corruption vulnerability was introduced in version 2.0.7 and is caused by a heap buffer overflow weakness in the embedded HTTP server's parsing of trace requests.
Unauthenticated attackers can easily exploit the security flaw to trigger a denial of service or to capture sensitive information remotely; given the right conditions and enough time to create a reliable exploit, they could also use it to gain remote code execution.
"While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive," Tenable said.
"The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished."
Patches shipping with Fluent Bit 3.0.4
Tenable reported the security bug to the vendor on April 30, and fixes were committed to Fluent Bit's main branch on May 15. Official releases containing this patch are expected to ship with Fluent Bit 3.0.4 (Linux packages are available here).
Tenable also notified Microsoft, Amazon, and Google of this critical security bug on May 15 through their vulnerability disclosure platforms.
Until fixes are available for all impacted platforms, customers who have deployed this logging utility on their own infrastructure can mitigate the issue by limiting access to Fluent Bit's monitoring API to authorized users and services.
If the monitoring API is not in use, you can also disable the vulnerable endpoint entirely, which blocks any potential attacks and removes the attack surface.
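As an added example (not from the article or the Fluent Bit project), the following Python audit reads a Fluent Bit classic-format config and reports whether the embedded HTTP monitoring server is disabled, bound to loopback only, or reachable on every interface. It assumes the `[SERVICE]` keys `http_server`, `http_listen` and `http_port` with their defaults `Off`, `0.0.0.0` and `2020`; the sample configs are constructed.

```python
"""Audit a Fluent Bit classic-format config for an exposed monitoring API."""
import ipaddress

# Assumed defaults for the [SERVICE] keys that control the embedded HTTP server.
DEFAULTS = {"http_server": "off", "http_listen": "0.0.0.0", "http_port": "2020"}


def parse_service_section(text: str) -> dict:
    """Return lower-cased key/value pairs from the [SERVICE] section, over DEFAULTS."""
    settings = dict(DEFAULTS)
    in_service = False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            in_service = line[1:-1].strip().upper() == "SERVICE"
            continue
        if in_service:
            parts = line.split(None, 1)  # classic format: key, whitespace, value
            if len(parts) == 2:
                settings[parts[0].lower()] = parts[1].strip().lower()
    return settings


def assess_http_server(text: str) -> str:
    """Classify exposure as 'disabled', 'local-only' or 'exposed'."""
    s = parse_service_section(text)
    if s["http_server"] not in ("on", "true", "yes"):
        return "disabled"
    if s["http_listen"] == "localhost":
        return "local-only"
    try:
        addr = ipaddress.ip_address(s["http_listen"])
    except ValueError:
        return "exposed"  # unknown hostname: treat as reachable until proven otherwise
    return "local-only" if addr.is_loopback else "exposed"


# Constructed sample: API enabled on every interface (the setting to avoid).
EXPOSED_CONF = """
[SERVICE]
    Flush        1
    HTTP_Server  On
    HTTP_Listen  0.0.0.0
    HTTP_Port    2020
[INPUT]
    Name cpu
"""
# Constructed samples: the same service bound to loopback, and with the API off.
HARDENED_CONF = EXPOSED_CONF.replace("HTTP_Listen  0.0.0.0", "HTTP_Listen  127.0.0.1")
DISABLED_CONF = EXPOSED_CONF.replace("HTTP_Server  On", "HTTP_Server  Off")

if __name__ == "__main__":
    for name, conf in (("exposed", EXPOSED_CONF), ("hardened", HARDENED_CONF), ("disabled", DISABLED_CONF)):
        print(f"{name}: {assess_http_server(conf)}")
```

Binding to loopback still leaves the unpatched parser reachable from processes on the same host, so it is a stopgap until 3.0.4 is deployed.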