CVE-2024-50608
Published: 18 February 2025
Description
Adversaries may exploit software vulnerabilities that can cause an application or system to crash and deny availability to users.
Security Summary
CVE-2024-50608 is a NULL pointer dereference vulnerability (CWE-476) in Fluent Bit version 3.1.9, specifically within the Prometheus Remote Write input plugin. When the plugin is configured to listen on an IP address and port, it improperly handles incoming packets with a Content-Length header set to 0. This triggers a crash due to passing a zero length to the cfl_sds_len function, which attempts to cast a NULL pointer to a struct cfl_sds, occurring in the process_payload_metrics_ng function in prom_rw_prot.c.
Any unauthenticated attacker with network access to the exposed endpoint can exploit this vulnerability remotely over the network with low complexity and no user interaction required. Successful exploitation results in a denial-of-service condition by crashing the Fluent Bit server, with a CVSS v3.1 base score of 7.5 (AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H), reflecting high availability impact but no effects on confidentiality or integrity.
Official mitigation details are provided in the Fluent Bit announcements at https://fluentbit.io/announcements/, the project's GitHub releases page at https://github.com/fluent/fluent-bit/releases, and an analysis blog at https://www.ebryx.com/blogs/exploring-cve-2024-50608-and-cve-2024-50609. The vulnerability was published on 2025-02-18.
Details
- CWE(s)
Affected Products
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability in Fluent Bit's Prometheus Remote Write input plugin allows remote attackers with endpoint access to crash the service via a Content-Length: 0 packet, causing a NULL pointer dereference and enabling endpoint denial of service through application exploitation.