CVE-2024-50608: 
Fluent Bit vulnerability analysis and mitigation

CVE-2024-50608 is a vulnerability discovered in Fluent Bit version 3.1.9, affecting the Prometheus Remote Write input plugin. The vulnerability was disclosed in February 2025. When the plugin is running and listening on an IP address and port, an attacker can send a packet with Content-Length: 0, causing the server to crash. This vulnerability has been assigned a CVSS v3.1 base score of 7.5 (HIGH) (NVD, SecurityOnline).

The vulnerability stems from improper handling of the Content-Length value when it is set to 0, which leads to a NULL pointer dereference. Specifically, when the Content-Length: 0 value is passed to the function cflsdslen, it attempts to cast a NULL pointer into struct cflsds, resulting in a crash. This issue is related to the processpayloadmetricsng() function in promrwprot.c. The vulnerability has been classified as CWE-476 (NULL Pointer Dereference) (NVD, Ebryx).

The vulnerability allows any user with access to the endpoint to perform a remote Denial of Service (DoS) attack. Given that Fluent Bit is widely used with over 15 billion downloads and is deployed 10 million times daily, this vulnerability could potentially disrupt operations for millions of enterprise systems that rely on the software for log processing and forwarding (SecurityOnline).

The vulnerability has been patched in newer versions of Fluent Bit. Users are strongly advised to update their installations to the latest version to mitigate the risk of DoS attacks. The fix involves adding validation to reject Content-Length values of 0 or less, preventing the invalid memory dereference (Ebryx).