# Advisory on CVE-2024-4323

## Fluent Bit Memory Corruption Vulnerability

On May 20, 2024, Tenable Research published information about a memory corruption vulnerability in Fluent Bit that may result in a denial of service, information disclosure, or remote code execution. For more information, refer to the [<mark style="color:blue;">Tenable Research Advisory</mark>](https://www.tenable.com/security/research/tra-2024-17).

The CVE ID [<mark style="color:blue;">CVE-2024-4323</mark>](https://nvd.nist.gov/vuln/detail/CVE-2024-4323) is assigned to this vulnerability and classified as a **Critical** severity with a CVSS score of **9.8** by Tenable Research. For further technical details about the vulnerability, refer to [<mark style="color:blue;">Fluent Bit's official advisory</mark>](https://fluentbit.io/blog/2024/05/21/statement-on-cve-2024-4323-and-its-fix/).

## Impacted IONOS Cloud products

IONOS Cloud infrastructure and services do not utilize the vulnerable software and are not impacted.

## What action can you take to mitigate the vulnerability?

Users using Fluent Bit versions 2.0.7 through 3.0.3 in their [<mark style="color:blue;">Virtual Data Centers (VDCs)</mark>](https://docs.ionos.com/cloud/support/general-information/glossary-of-terms#virtual-data-center-vdc) are vulnerable and must update their software to 2.2.3 or 3.0.4.

## How can I get help?

If you have further questions or concerns about this vulnerability, contact [<mark style="color:blue;">IONOS Cloud Support</mark>](https://docs.ionos.com/cloud/support/general-information/contact-information).