cbcvebase.
CVE-2024-23722
published 2024-03-26


Priority: P3 | 36 | high | 7.5 (CVSS 3.1)
AV:N / AC:L / PR:N / UI:N / S:U / C:N / I:N / A:H
EPSS: 0.94% (56.6th percentile)
In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.

Affected

6 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| msrc | cbl2_fluent-bit_2.1.10-3_on_cbl_mariner_2.0 | | |
| msrc | cbl2_fluent-bit_2.2.2-1_on_cbl_mariner_2.0 | | |
| netdata | netdata | >= 0 < 1.9.0+dfsg-1ubuntu0.1~esm1 | 1.9.0+dfsg-1ubuntu0.1~esm1 |
| netdata | netdata | >= 0 < 1.19.0-3ubuntu1+esm1 | 1.19.0-3ubuntu1+esm1 |
| netdata | netdata | >= 0 < 1.33.1-1ubuntu1+esm1 | 1.33.1-1ubuntu1+esm1 |
| treasuredata | fluent_bit | >= 2.1.8 < 2.2.2 | 2.2.2 |

CVSS provenance

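| Source | Version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| osv | | 7.5 | HIGH | |
| vendor_msrc | | 7.5 | HIGH | |
| vendor_ubuntu | | 6.5 | MEDIUM | |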