CVE-2024-50609

CVSS 3.1 Score 7.5 of 10 (high)

Details

Published Feb 18, 2025
Updated: Feb 19, 2025
CWE ID 476

Summary

CVE-2024-50609 is a newly disclosed vulnerability in Fluent Bit 3.1.9. This issue affects the OpenTelemetry input plugin when it listens for input on a specific IP address and port. A malicious user with access to the endpoint can exploit this vulnerability by sending a packet with a Content-Length of 0, causing the server to crash. The crash occurs due to a NULL pointer dereference in the function cfl_sds_len, which tries to convert a NULL pointer into a struct cfl_sds. This vulnerability can be exploited to perform a remote Denial of Service attack.
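A simplified C model of the failure class described above, added here as an illustration and not taken from Fluent Bit's source. Only `cfl_sds_len` and `struct cfl_sds` are named on the page; every identifier below is hypothetical, and the layout (length header stored just before the buffer, body pointer left NULL for an empty request) is an assumption of the model.

```c
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical stand-in for struct cfl_sds: a length header stored
 * immediately before the bytes; callers hold a pointer to buf only. */
struct sds_hdr {
    size_t len;
    char buf[];
};
typedef char *sds_t;
#define SDS_HDR(s) ((struct sds_hdr *)((s) - offsetof(struct sds_hdr, buf)))

sds_t sds_new(const char *data, size_t len)
{
    struct sds_hdr *h = malloc(sizeof(*h) + len + 1);
    if (h == NULL) return NULL;
    h->len = len;
    memcpy(h->buf, data, len);
    h->buf[len] = '\0';
    return h->buf;
}

void sds_free(sds_t s) { if (s != NULL) free(SDS_HDR(s)); }

/* Unchecked form: if s is NULL, the header address is derived from NULL
 * and then read, which is the NULL pointer dereference (CWE-476). */
size_t sds_len_unchecked(sds_t s) { return SDS_HDR(s)->len; }

/* Hardened form: a NULL string is treated as having length 0. */
size_t sds_len_checked(sds_t s) { return s != NULL ? SDS_HDR(s)->len : 0; }

/* Constructed request model (assumption): body stays NULL when the
 * client declares Content-Length: 0. */
struct request { size_t content_length; sds_t body; };

/* Validate before touching the body: reject empty or missing bodies with
 * 400 instead of handing a NULL pointer to the length routine. */
int handle_request(const struct request *r)
{
    if (r->content_length == 0 || r->body == NULL) return 400;
    if (sds_len_checked(r->body) != r->content_length) return 400;
    return 200;
}
```

The model guards twice: the handler rejects the empty body at the input boundary, and the length routine tolerates NULL so a missed check elsewhere does not become a crash.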
