CVE-2022-37439

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041	Vendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html	Vendor Advisory
https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041	Vendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder::::::::

History

21 Nov 2024, 07:14

Type	Values Removed	Values Added
References	~~() https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 - Vendor Advisory~~	() https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 - Vendor Advisory
References	~~() https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html - Vendor Advisory~~	() https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html - Vendor Advisory

Information

Published : 2022-08-16 21:15

Updated : 2024-11-21 07:14

NVD link : CVE-2022-37439

Mitre link : CVE-2022-37439

CVE.ORG link : CVE-2022-37439

JSON object : View

Products Affected

splunk

universal_forwarder
splunk

CWE

CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)

NVD-CWE-noinfo

{"id": "CVE-2022-37439", "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-16T21:15:13.637", "references": [{"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-409"}]}, {"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexaci\u00f3n de un archivo ZIP especialmente dise\u00f1ado mediante la entrada de monitorizaci\u00f3n de archivos puede resultar en un bloqueo de la aplicaci\u00f3n. Los intentos de reiniciar la aplicaci\u00f3n resultar\u00edan en un bloqueo y requerir\u00edan la eliminaci\u00f3n manual del archivo malformado."}], "lastModified": "2024-11-21T07:14:59.880", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "52EBCCF6-0276-4B2C-9068-53864A39265F", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "07E949C3-48BB-4D7F-98A2-B078E7A75F1B", "versionEndExcluding": "8.2.7.1", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2479E06A-3859-4BD2-B6A4-27F664ABD800", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FCE9486-B97A-49C6-A269-80CE96EBCC09", "versionEndExcluding": "8.2.7.1", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}