We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Fathom (Privacy friendly web analytics)
Zendesk (Helpdesk and Chat)

Ok

Home | EN
Support
CVE

PUBLISHED

CVE-2024-36982

Denial of Service through null pointer reference in “cluster/config” REST endpoint

Assigner	Splunk
Reserved	2024-05-30
Published	2024-07-01
Updated	2024-07-03

Description

In Splunk Enterprise versions below 9.2.2, 9.1.5, and 9.0.10 and Splunk Cloud Platform versions below 9.1.2312.109 and 9.1.2308.207, an attacker could trigger a null pointer reference on the cluster/config REST endpoint, which could result in a crash of the Splunk daemon.

HIGH: 7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Problem types

A NULL pointer dereference occurs when the application dereferences a pointer that it expects to be valid, but is NULL, typically causing a crash or exit.

Product status

9.2 before 9.2.2

affected

9.1 before 9.1.5

affected

9.0 before 9.0.10

affected

9.1.2312 before 9.1.2312.109

affected

9.1.2308 before 9.1.2308.207

affected

Credits

d0nahu3

References

https://advisory.splunk.com/advisories/SVD-2024-0702

cve.org CVE-2024-36982

nvd.nist.gov CVE-2024-36982

Download JSON

https://cve.threatint.com/CVE/CVE-2024-36982

Find us on

Data Privacy
Terms of Use