CVE-2024-45736 | THREATINT

We use these services and cookies to improve your user experience. You may opt out if you wish, however, this may limit some features on this site.

Please see our statement on Data Privacy.

Crisp.chat (Helpdesk and Chat)

Ok

Description

In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).

Reserved 2024-09-05 | Published 2024-10-14 | Updated 2025-01-02 | Assigner Splunk

MEDIUM: 6.5CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

Problem types

The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

Product status

9.3 before 9.3.1

affected

9.2 before 9.2.3

affected

9.1 before 9.1.6

affected

9.2.2403 before 9.2.2403.107

affected

9.1.2312 before 9.1.2312.204

affected

9.1.2312 before 9.1.2312.111

affected

Credits

Danylo Dmytriiev (DDV_UA)

References

advisory.splunk.com/advisories/SVD-2024-1006

research.splunk.com/...08978eca-caff-44c1-84dc-53f17def4e14/

cve.org (CVE-2024-45736)

nvd.nist.gov (CVE-2024-45736)

Download JSON

https://cve.threatint.com/CVE/CVE-2024-45736

Support options

Helpdesk Chat, Email, Knowledgebase
Telegram Chat

Subscribe to our newsletter to learn more about our work.