We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

THREATINT
PUBLISHED

CVE-2024-45736

Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon



AssignerSplunk
Reserved2024-09-05
Published2024-10-14
Updated2024-10-30

Description

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).



MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Product status

9.3 before 9.3.1
affected

9.2 before 9.2.3
affected

9.1 before 9.1.6
affected

9.2.2403 before 9.2.2403.107
affected

9.1.2312 before 9.1.2312.204
affected

9.1.2312 before 9.1.2312.111
affected

Credits

Danylo Dmytriiev (DDV_UA)

References

https://advisory.splunk.com/advisories/SVD-2024-1006

https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/

cve.org CVE-2024-45736

nvd.nist.gov CVE-2024-45736

Download JSON

Share this page
https://cve.threatint.com/CVE/CVE-2024-45736
Subscribe to our newsletter to learn more about our work.