VDB
CVE-2024-23722
CVE-2024-23722
PUBLISHED
In Fluent Bit 2.1.8 through 2.2.1, a NULL pointer dereference can be caused via an invalid HTTP payload with the content type of x-www-form-urlencoded. It crashes and does not restart. This could result in logs not being delivered properly.
EPSS 0.88% · 75.7th percentile
Risk Scores
EPSS Score
0.88%
75.7th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Bitnami | fluent-bit | 2.1.8, 2.1.8 |
| Bitnami | fluent-bit | 2.1.8 |
Exploit Intelligence
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- alexcote1/CVE-2024-23722-poc (github-poc)
- https://medium.com/%40adurands82/fluent-bit-dos-vulnerability-cve-2024-23722-4e3e74af9d00 (nist-nvd)
- https://github.com/fluent/fluent-bit/compare/v2.2.1...v2.2.2 (circl)
…and 1 more exploits
Timeline
- Mar 26, 2024 CVE Published
- Mar 27, 2024 EPSS Score
- Apr 22, 2024 EPSS Score
- Jun 12, 2024 EPSS Score
- Jul 7, 2024 EPSS Score
- Aug 2, 2024 EPSS Score
- Aug 6, 2024 CVE Updated
- Aug 28, 2024 EPSS Score
- Oct 4, 2024 Coalition ESS Score
- Oct 18, 2024 EPSS Score
- Nov 13, 2024 EPSS Score
- Dec 9, 2024 EPSS Score