CVE-2022-37439
PUBLISHED
CVSS 5.5 MEDIUM
In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.
EPSS 0.11% · 29.6th percentile
Risk Scores
- CVSS v3.1: 5.5 (CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H)
- EPSS Score: 0.11% (29.6th percentile)
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| splunk | universal_forwarder | 8.1.0, 8.2.0 |
| Splunk | Universal Forwarders | 8.1.11, 8.2 |
| Splunk | Splunk Enterprise | 8.1, 8.2 |
| splunk | splunk | 8.1.0, 8.2.0 |
Timeline
- Aug 16, 2022 CVE Published
- Aug 17, 2022 EPSS Score
- Oct 2, 2022 EPSS Score
- Nov 17, 2022 EPSS Score
- Dec 31, 2022 EPSS Score
- Jan 2, 2023 EPSS Score
- Feb 23, 2023 EPSS Score
- Mar 7, 2023 EPSS Score
- Apr 3, 2023 EPSS Score
- May 19, 2023 EPSS Score
- Jul 4, 2023 EPSS Score
- Aug 19, 2023 EPSS Score
References
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0801.html (advisory)
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0804.html (advisory)
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html (advisory)
- https://www.splunk.com/en_us/product-security/announcements/svd-2022-0802.html (advisory)
- https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041 (url)
- https://nvd.nist.gov/vuln/detail/CVE-2022-37439 (advisory)