Denial of Service Vulnerability in Fluent Bit by Fluent, Inc.
CVE-2024-50609

7.5 HIGH

Key Information:

Vendor
CVE Published: 18 February 2025

What is CVE-2024-50609?

A vulnerability has been identified in the OpenTelemetry input plugin of Fluent Bit version 3.1.9. When this plugin is enabled and listening on an IP address and port, it is susceptible to a Denial of Service attack: a malicious actor sends a packet with a Content-Length header set to zero. Because the zero-length content is handled improperly, the server may crash on a NULL pointer dereference during processing. This vulnerability highlights the need for robust input handling in server applications to prevent exploitation.

News Articles

Comprehensive Analysis of Fluent Bit Vulnerabilities CVE-2024-50608 and CVE-2024-50609: Mitigating DoS Risks

Executive Summary: This report presents an in-depth examination of vulnerabilities CVE-2024-50608 and CVE-2024-50609 found in Fluent Bit, version 3.1.9. These vulnerabilities are of significant concern due to their potential to cause Denial of Service (DoS) via null pointer dereference, impacting ente...

CVSS V3.1

Score: 7.5
Severity: HIGH
Confidentiality: None
Integrity: None
Availability: None
Attack Vector: Network
Attack Complexity: Low
Privileges Required: None
User Interaction: None
Scope: Unchanged

Timeline

  • First article discovered by Rescana

  • Vulnerability published

  • Vulnerability Reserved
