On May 20, 2024, Tenable Research published information about a memory corruption vulnerability in Fluent Bit that may result in a denial of service, information disclosure, or remote code execution. For more information, refer to the Tenable Research Advisory.
The CVE ID CVE-2024-4323 is assigned to this vulnerability and classified as a Critical severity with a CVSS score of 9.8 by Tenable Research. For further technical details about the vulnerability, refer to Fluent Bit's official advisory.
IONOS Cloud infrastructure and services do not utilize the vulnerable software and are not impacted.
Users using Fluent Bit versions 2.0.7 through 3.0.3 in their Virtual Data Centers (VDCs) are vulnerable and must update their software to 2.2.3 or 3.0.4.
If you have further questions or concerns about this vulnerability, contact IONOS Cloud Support.