{
    "data_version": "4.0",
    "data_type": "CVE",
    "data_format": "MITRE",
    "CVE_data_meta": {
        "ID": "CVE-2024-4323",
        "ASSIGNER": "vulnreport@tenable.com",
        "STATE": "PUBLIC"
    },
    "description": {
        "description_data": [
            {
                "lang": "eng",
                "value": "A memory corruption vulnerability in Fluent Bit versions 2.0.7 thru 3.0.3. This issue lies in the embedded http server\u2019s parsing of trace requests and may result in denial of service conditions, information disclosure, or remote code execution."
            }
        ]
    },
    "problemtype": {
        "problemtype_data": [
            {
                "description": [
                    {
                        "lang": "eng",
                        "value": "CWE-122 Heap-based Buffer Overflow",
                        "cweId": "CWE-122"
                    }
                ]
            }
        ]
    },
    "affects": {
        "vendor": {
            "vendor_data": [
                {
                    "vendor_name": "Fluent Bit",
                    "product": {
                        "product_data": [
                            {
                                "product_name": "Fluent Bit",
                                "version": {
                                    "version_data": [
                                        {
                                            "version_affected": "<=",
                                            "version_name": "2.0.7",
                                            "version_value": "3.0.3"
                                        }
                                    ]
                                }
                            }
                        ]
                    }
                }
            ]
        }
    },
    "references": {
        "reference_data": [
            {
                "url": "https://tenable.com/security/research/tra-2024-17",
                "refsource": "MISC",
                "name": "https://tenable.com/security/research/tra-2024-17"
            },
            {
                "url": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04",
                "refsource": "MISC",
                "name": "https://github.com/fluent/fluent-bit/commit/9311b43a258352797af40749ab31a63c32acfd04"
            }
        ]
    },
    "generator": {
        "engine": "Vulnogram 0.2.0"
    },
    "source": {
        "discovery": "UNKNOWN"
    },
    "solution": [
        {
            "lang": "en",
            "supportingMedia": [
                {
                    "base64": false,
                    "type": "text/html",
                    "value": "A fix for this issue is introduced in versions 2.2.3 and 3.0.4.<br>"
                }
            ],
            "value": "A fix for this issue is introduced in versions 2.2.3 and 3.0.4."
        }
    ],
    "impact": {
        "cvss": [
            {
                "attackComplexity": "LOW",
                "attackVector": "NETWORK",
                "availabilityImpact": "HIGH",
                "baseScore": 9.8,
                "baseSeverity": "CRITICAL",
                "confidentialityImpact": "HIGH",
                "integrityImpact": "HIGH",
                "privilegesRequired": "NONE",
                "scope": "UNCHANGED",
                "userInteraction": "NONE",
                "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
                "version": "3.1"
            }
        ]
    }
}