CVE-2024-23722: 
Netdata vulnerability analysis and mitigation

A NULL pointer dereference vulnerability was discovered in Fluent Bit versions 2.1.8 through 2.2.1. The vulnerability occurs when processing HTTP requests with invalid payloads, specifically those with the content type of x-www-form without proper formatting. This security issue was assigned CVE-2024-23722 and affects the HTTP input plugin of Fluent Bit (NVD, Medium Blog).

The vulnerability exists in the HTTP protocol handling code within fluent-bit/plugins/inhttp/httpprot.c. Specifically, on line 440, the server attempts to process HTTP requests by searching for an equals sign ('=') in the request body without proper validation. When no equals sign is present, this creates an array of null pointers, leading to a null pointer dereference on line 457 when attempting to process this array, ultimately causing the application to crash (Medium Blog).

The vulnerability can be exploited to cause a Denial of Service (DoS) on any Fluent Bit server configured to receive HTTP requests. As Fluent Bit serves as a log router, crashing the server can prevent logs from being delivered to their intended destinations, potentially creating visibility gaps that attackers could further exploit (Medium Blog).

Users are advised to update Fluent Bit to version 2.2.2 or later to resolve this vulnerability. Additionally, it is recommended that Fluent Bit instances should not be exposed publicly to minimize the risk of exploitation (Medium Blog).

The vulnerability was discovered by Alexander Cote, with Aiden Durand assisting in the investigation and triage process. The issue has been acknowledged and addressed by the Fluent Bit development team through the release of version 2.2.2 (Medium Blog).