Advisory on CVE-2024-4323

Fluent Bit Memory Corruption Vulnerability

On May 20, 2024, Tenable Research published information about a memory corruption vulnerability in Fluent Bit that may result in a denial of service, information disclosure, or remote code execution. For more information, refer to the Tenable Research Advisory.

The CVE ID CVE-2024-4323 is assigned to this vulnerability and classified as a Critical severity with a CVSS score of 9.8 by Tenable Research. For further technical details about the vulnerability, refer to Fluent Bit's official advisory.

Impacted IONOS Cloud Products

IONOS Cloud infrastructure and services do not utilize the vulnerable software and are not impacted.

What action can you take to mitigate the vulnerability?

Users using Fluent Bit versions 2.0.7 through 3.0.3 in their Virtual Data Centers (VDCs) are vulnerable and must update their software to 2.2.3 or 3.0.4.

How can I get help?

If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.