CVE-2022-37439

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.

CVSS v3 5.5 MEDIUM

5.5^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.8 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041	Vendor Advisory
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html	Vendor Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder::::::::

History

18 Aug 2022, 19:11

Type	Values Removed	Values Added
CPE		cpe:2.3:a:splunk:universal_forwarder:::::::: cpe:2.3:a:splunk:splunk:::::enterprise:::*
CWE		NVD-CWE-noinfo
CVSS	v2 : ~~unknown~~ v3 : ~~unknown~~	v2 : unknown v3 : 5.5
References	~~(CONFIRM) https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 -~~	(CONFIRM) https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 - Vendor Advisory
References	~~(CONFIRM) https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html -~~	(CONFIRM) https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html - Vendor Advisory
First Time		Splunk Splunk splunk Splunk universal Forwarder

16 Aug 2022, 21:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2022-08-16 21:15

Updated : 2023-12-10 14:35

NVD link : CVE-2022-37439

Mitre link : CVE-2022-37439

CVE.ORG link : CVE-2022-37439

JSON object : View

Products Affected

splunk

splunk
universal_forwarder

CWE

NVD-CWE-noinfo CWE-409

Improper Handling of Highly Compressed Data (Data Amplification)

{"id": "CVE-2022-37439", "metrics": {"cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}, {"type": "Secondary", "source": "prodsec@splunk.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.5, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "LOW", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 1.8}]}, "published": "2022-08-16T21:15:13.637", "references": [{"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}, {"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html", "tags": ["Vendor Advisory"], "source": "prodsec@splunk.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "NVD-CWE-noinfo"}]}, {"type": "Secondary", "source": "prodsec@splunk.com", "description": [{"lang": "en", "value": "CWE-409"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexaci\u00f3n de un archivo ZIP especialmente dise\u00f1ado mediante la entrada de monitorizaci\u00f3n de archivos puede resultar en un bloqueo de la aplicaci\u00f3n. Los intentos de reiniciar la aplicaci\u00f3n resultar\u00edan en un bloqueo y requerir\u00edan la eliminaci\u00f3n manual del archivo malformado."}], "lastModified": "2022-08-18T19:11:51.633", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "52EBCCF6-0276-4B2C-9068-53864A39265F", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "vulnerable": true, "matchCriteriaId": "07E949C3-48BB-4D7F-98A2-B078E7A75F1B", "versionEndExcluding": "8.2.7.1", "versionStartIncluding": "8.2.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2479E06A-3859-4BD2-B6A4-27F664ABD800", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1.0"}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "8FCE9486-B97A-49C6-A269-80CE96EBCC09", "versionEndExcluding": "8.2.7.1", "versionStartIncluding": "8.2.0"}], "operator": "OR"}]}], "sourceIdentifier": "prodsec@splunk.com"}