Primary

Context

Fluent Bit Denial-of-Service Vulnerability via Use-After-Free in YAML Configuration Parsing

Vulnerability

A use-after-free vulnerability has been identified in Fluent Bit version 3.7.2. This issue allows a local attacker to cause a denial-of-service by exploiting improper memory management during YAML configuration parsing. The vulnerability arises in the 'cfl_list_size' function, where memory is not correctly handled, leading to a heap-use-after-free condition. This can be reproduced by running Fluent Bit with a crafted YAML configuration that triggers the vulnerability.

Impact

Exploitation of this vulnerability leads to a denial-of-service condition, causing Fluent Bit to crash.

Reproduction

The vulnerability can be reproduced by running Fluent Bit with a configuration file that includes 'test/nested.yaml'. This file should be referenced in a 'poc.yaml' file under the 'includes' section. The 'env' section of the 'poc.yaml' file should be set to 'observability: calyptia'.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

2.5

exploitability

4.6

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Fluent Bit Denial-of-Service Vulnerability via Use-After-Free in YAML Configuration Parsing

Vulnerability

Impact

Reproduction

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating