CVE-2024-50608

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 18, 2025
Updated: Feb 19, 2025
CWE ID 476

Summary

CVE-2024-50608 is a newly identified vulnerability affecting Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, an attacker can send it a packet with a Content-Length of 0. This leads to a NULL pointer dereference in the cfl_sds_len function, which attempts to cast a NULL pointer into a struct cfl_sds, and the process crashes. The issue is related to the process_payload_metrics_ng() function in prom_rw_prot.c. The vulnerability allows remote Denial of Service attacks against systems that expose the affected endpoint.
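The bug class described above, shown as an added model with the guard a handler needs before asking for a payload's length. This is example code written for this page, not Fluent Bit or CFL source. The names sds_hdr, SDS_HDR, sds_from_body, sds_len_checked and handle_payload are hypothetical, and the header-before-buffer layout and the NULL result for an empty body are assumptions of the model.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical model: the header sits directly before the buffer
 * that callers hold, so the length is found by stepping back. */
struct sds_hdr { uint64_t len; char buf[]; };
#define SDS_HDR(s) ((struct sds_hdr *) ((s) - offsetof(struct sds_hdr, buf)))

/* Returns NULL for an empty body, modelling a parser that yields no
 * buffer when Content-Length is 0 (assumption of this model). */
static char *sds_from_body(const char *body, size_t n)
{
    struct sds_hdr *h = (body != NULL && n > 0) ? malloc(sizeof(*h) + n + 1) : NULL;

    if (h == NULL) {
        return NULL;
    }
    h->len = n;
    memcpy(h->buf, body, n);
    h->buf[n] = '\0';
    return h->buf;
}

/* Length lookup that returns 0 for NULL instead of reading a header
 * at an address computed from a NULL pointer. */
static size_t sds_len_checked(const char *s)
{
    return (s == NULL) ? 0 : (size_t) SDS_HDR(s)->len;
}

/* Handler-side guard: reject an empty payload before decoding.
 * Returns 0 when the body is accepted, -1 when it is rejected. */
static int handle_payload(const char *body, size_t content_length)
{
    char *payload = sds_from_body(body, content_length);
    int rc = (sds_len_checked(payload) > 0) ? 0 : -1;

    if (payload != NULL) {
        free(SDS_HDR(payload));
    }
    return rc;
}

int main(void)
{
    return (handle_payload(NULL, 0) == -1 && handle_payload("ok", 2) == 0) ? 0 : 1;
}
```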
