CVE-2024-50609
Published 2025-02-18
Priority P3 40 · high · CVSS 3.1 7.5
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
EPSS: 1.04% (59.6th percentile)
An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c.
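The description above names the mechanism: a zero Content-Length leaves no payload buffer, a NULL handle reaches the length accessor, and the accessor steps back from the handle to its header and dereferences it. The block below is an added, constructed illustration of that pattern and of the defensive fix, not Fluent Bit code: `struct sds_hdr`, `sds_from_body`, `sds_len_unchecked`, `sds_len_checked` and `process_payload` are hypothetical names modelled on the header-before-buffer layout the advisory attributes to cfl_sds. It shows the unchecked accessor that would fault on NULL beside a checked accessor, and a handler that rejects an empty body before any length lookup is attempted.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Constructed mini replica of an sds-style string (hypothetical, not Fluent Bit's
 * cfl_sds): a header sits immediately before the character buffer, the public
 * handle points at the buffer, and the length is read by stepping back to the
 * header. A NULL handle therefore means "step back from address 0". */
struct sds_hdr { size_t len; size_t alloc; };
typedef char *sds;

/* Build an sds from a request body. Returns NULL for a zero-length body,
 * mirroring the situation where a Content-Length: 0 request yields no buffer. */
static sds sds_from_body(const char *body, size_t body_len) {
    if (body_len == 0 || body == NULL) return NULL;
    struct sds_hdr *h = malloc(sizeof *h + body_len + 1);
    if (h == NULL) return NULL;
    h->len = body_len;
    h->alloc = body_len;
    memcpy(h + 1, body, body_len);          /* buffer starts right after the header */
    ((char *)(h + 1))[body_len] = '\0';
    return (sds)(h + 1);
}

static void sds_free(sds s) {
    if (s != NULL) free((struct sds_hdr *)s - 1);
}

/* The crash-prone shape: no NULL check before stepping back to the header.
 * Passing NULL here dereferences memory just below address 0 (CWE-476). */
static size_t sds_len_unchecked(sds s) {
    struct sds_hdr *h = (struct sds_hdr *)s - 1;
    return h->len;
}

/* Hardened accessor: a NULL handle is reported as length 0, never dereferenced. */
static size_t sds_len_checked(sds s) {
    if (s == NULL) return 0;
    return ((struct sds_hdr *)s - 1)->len;
}

/* HTTP-style result codes for the handler. */
enum { PAYLOAD_OK = 200, PAYLOAD_EMPTY = 400 };

/* Handle one request body. The empty-payload case is rejected up front, so the
 * length lookup is never reached with a NULL handle; the checked accessor is a
 * second line of defence if some other path still produces NULL. */
int process_payload(const char *body, size_t content_length) {
    if (content_length == 0 || body == NULL) return PAYLOAD_EMPTY;
    sds s = sds_from_body(body, content_length);
    if (s == NULL) return PAYLOAD_EMPTY;
    size_t n = sds_len_checked(s);
    sds_free(s);
    return n == content_length ? PAYLOAD_OK : PAYLOAD_EMPTY;
}
```

Both layers matter in practice: rejecting `Content-Length: 0` at the protocol handler gives the client a clean 400 and a log line to alert on, while the NULL-tolerant accessor keeps an unexpected empty buffer from turning into a process crash.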
Affected (4 ranges)
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| msrc | azl3_fluent-bit_3.1.9-3_on_azure_linux_3.0 | — | — |
| msrc | azl3_fluent-bit_3.1.9-4_on_azure_linux_3.0 | — | — |
| msrc | cbl2_fluent-bit_3.0.6-2_on_cbl_mariner_2.0 | — | — |
| treasuredata | fluent_bit | — | — |
CVSS provenance
| Source | Score | Severity | Vector |
|---|---|---|---|
| nvd (v3.1) | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| vendor_msrc | 7.5 | HIGH | — |
| vendor_oracle | 4.5 | HIGH | — |
GHSA
GHSA-4g89-mg9x-4chc · ghsa_unreviewed · 2025-02-18 · HIGH · CWE-476
Oracle
Oracle Communications Applications Risk Matrix: Core (fluentbit) · vendor_oracle · 2025-10-15 · HIGH
CVE: CVE-2024-50609
CVSS: 4.5
Protocol: HTTP
Remote exploit: No
Affected versions: Network
Advisory: cpuoct2025 (OCT 2025)
Microsoft
vendor_msrc · 2025-02-11 · CVSS 7.5 · HIGH · CWE-476
FAQ: Is Azure Linux the only Microsoft product that includes this open-source library and is therefore potentially affected by this vulnerability?
One of the main benefits to our
No detection rules found.
No public exploits indexed.
No writeups or analysis indexed.