Fluent Bit vulnerability threatens almost all popular cloud platforms

Data leak
(Image credit: Shutterstock)

Cybersecurity researchers from Tenable have discovered a critical vulnerability in Fluent Bit which allows malicious actors to run denial-of-service attacks, or execute bad code, remotely.

Fluent Bit is a logging and metrics solution for Windows, macOS, and Linux, and embedded in all the major Kubernetes distributions, including Amazon AWS, Google GCP, and Microsoft Azure.

The tool is extremely popular, with its website claiming it was downloaded at least 10 billion times. Apparently, many cybersecurity and tech companies also use it as part of their tech stack.

Difficult to exploit

As of version 2.0.7, Fluent Bit was found to be vulnerable to heap buffer overflow, which resulted in critical memory corruption. The researchers dubbed it Linguistic Lumberjack. It is tracked as CVE-2024-4323, but apparently exploiting it is not as straightforward.

"While heap buffer overflows such as this are known to be exploitable, creating a reliable exploit is not only difficult, but incredibly time intensive," Tenable said. "The researchers believe that the most immediate and primary risks are those pertaining to the ease with which DoS and information leaks can be accomplished."

Tenable notified Fluent Bit’s maintainers on April 30, with fixes being committed to the main branch roughly two weeks later, on May 15. Users can expect Fluent Bit version 3.0.4 to be protected from this vulnerability, and should apply the patch as soon as possible. 

Those who are unable to immediately patch their endpoints should mitigate the issue by limiting access to Fluent Bit's monitoring API to authorized users and services. Even less risky mitigation would include completely disabling the vulnerable API.

“While these utilities are known to contain lots of juicy information for attackers, it’s important to realize that information leakage isn’t the only thing to be concerned with,” Tenable concluded. “It’s essential for organizations to update these utilities regularly, adopt adequate defense-in-depth measures, and utilize the principle of least privilege to ensure these tools cannot be misused by attackers.”

Via BleepingComputer

More from TechRadar Pro

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.