Walmart, Amazon-used utility bug permitting RCE attacks

A critical memory corruption vulnerability in Fluent Bit, an essential component used by leading cloud service providers and major tech companies, could allow attackers to obtain potentially sensitive data.

Researchers at Tenable have discovered a vulnerability in Fluent Bit, an open-source data collector and processor often used in cloud-based environments. The vulnerability could be exploited to achieve denial-of-service (DoS), information disclosure, or remote code execution (RCE) attacks.

The affected utility is immensely popular, boasting three billion downloads up until 2022 and 10 million daily deployments. Virtually all major cloud providers use Fluent Bit, including Google Cloud, Amazon Web Services (AWS), and Microsoft. Major companies such as LinkedIn, VMware, Walmart, Cisco, and others also rely on the utility.

Tracked as CVE-2024-4323, the bug is a critical memory corruption vulnerability in Fluent Bit’s built-in HTTP server, affecting versions 2.0.7 through 3.0.3. Researchers succeeded in exploiting the bug to “crash the service and cause a denial of service scenario” and to retrieve parts of the data returned in HTTP responses.

“While this is generally unlikely to reveal anything other than previous metrics requests, the researchers were able to occasionally retrieve partial secrets during their testing, indicating that this issue could potentially leak sensitive information,” researchers said.

According to the report, crafting a remote code execution exploit is difficult but not impossible. Because building a reliable exploit would be difficult and time-intensive, the researchers expect malicious actors to abuse the flaw for DoS attacks or data leaks instead.

To prevent exploitation, researchers advise users to upgrade the utility to the latest version and to ensure that only authorized users and services are able to query Fluent Bit. Companies that rely on cloud services known to use the utility are advised to contact their providers.
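As an added example (not code from the article, Tenable, or the Fluent Bit project), a Python triage helper that applies the two pieces of advice above: it flags builds inside the reported 2.0.7 through 3.0.3 range and reads the [SERVICE] section of a classic-format fluent-bit.conf to see whether the built-in HTTP server is enabled and bound to all interfaces. The finding labels and the small config parser are my own; HTTP_Server and HTTP_Listen are Fluent Bit's documented settings.

```python
import re

# Affected range reported for CVE-2024-4323 (inclusive): 2.0.7 through 3.0.3.
AFFECTED_MIN = (2, 0, 7)
AFFECTED_MAX = (3, 0, 3)
_VERSION_RE = re.compile(r"v?(\d+)\.(\d+)\.(\d+)")

def parse_version(text):
    """Pull the first X.Y.Z from text such as `fluent-bit --version` output
    ('Fluent Bit v3.0.3') and return a comparable integer tuple."""
    m = _VERSION_RE.search(text)
    if not m:
        raise ValueError("no X.Y.Z version found in %r" % text)
    return tuple(int(g) for g in m.groups())

def version_affected(text):
    """True when the version sits inside the reported vulnerable range."""
    return AFFECTED_MIN <= parse_version(text) <= AFFECTED_MAX

def http_server_exposure(conf_text):
    """Read [SERVICE] from a classic-format fluent-bit.conf and report whether the
    built-in HTTP server is on and on which address it listens (documented keys
    HTTP_Server / HTTP_Listen; Fluent Bit's defaults are Off and 0.0.0.0)."""
    settings = {"HTTP_Server": "Off", "HTTP_Listen": "0.0.0.0"}
    in_service = False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop comments and indentation
        if not line:
            continue
        if line.startswith("["):              # section header
            in_service = line.lower() == "[service]"
        elif in_service:
            parts = line.split(None, 1)
            if len(parts) == 2 and parts[0] in settings:
                settings[parts[0]] = parts[1].strip()
    enabled = settings["HTTP_Server"].lower() in ("on", "true")
    listen = settings["HTTP_Listen"]
    return {"enabled": enabled, "listen": listen,
            "exposed": enabled and listen in ("0.0.0.0", "::")}

def triage(version_text, conf_text):
    """Combine both checks into one finding label for a host (labels are my own)."""
    if not version_affected(version_text):
        return "patched-or-unaffected"
    expo = http_server_exposure(conf_text)
    if not expo["enabled"]:
        return "vulnerable-build-http-server-off"
    return "vulnerable-exposed" if expo["exposed"] else "vulnerable-local-only"
```

A host labelled "vulnerable-exposed" is the one to prioritise: an affected build whose HTTP server answers on every interface, which is exactly the surface the advisory tells you to restrict.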