CVE-2022-37439 - Vulnerability Details - OpenCVE

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00114.

Key SSVC decision points have not yet been added.

Vendors	Products
Splunk	Splunk Universal Forwarder

Configuration 1 [-]

OR	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:splunk:::::enterprise:::*
	cpe:2.3:a:splunk:universal_forwarder::::::::
	cpe:2.3:a:splunk:universal_forwarder::::::::

No data.

No data.

Advisories

Source	ID	Title
EUVD	EUVD-2022-40066	In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.

Fixes

Solution

No solution given by the vendor.

Workaround

No workaround given by the vendor.

References

Link	Providers
https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041
https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html

History

No history.

MITRE

Status: PUBLISHED

Assigner: Splunk

Published: 2022-08-16T19:49:49.787022Z

Updated: 2024-09-16T22:56:21.322Z

Reserved: 2022-08-05T00:00:00

Link: CVE-2022-37439

Vulnrichment

No data.

NVD

Status : Modified

Published: 2022-08-16T21:15:13.637

Modified: 2024-11-21T07:14:59.880

Link: CVE-2022-37439

Redhat

No data.

OpenCVE Enrichment

No data.

{"containers": {"cna": {"affected": [{"product": "Splunk Enterprise", "vendor": "Splunk", "versions": [{"lessThan": "8.2.7.1", "status": "affected", "version": "8.2", "versionType": "custom"}, {"lessThan": "8.1.11", "status": "affected", "version": "8.1", "versionType": "custom"}]}, {"product": "Universal Forwarders", "vendor": "Splunk", "versions": [{"status": "affected", "version": "8.1.11"}, {"lessThan": "8.2.7.1", "status": "affected", "version": "8.2", "versionType": "custom"}]}], "datePublic": "2022-08-16T00:00:00", "descriptions": [{"lang": "en", "value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}], "problemTypes": [{"descriptions": [{"cweId": "CWE-409", "description": "CWE-409", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"dateUpdated": "2022-08-16T19:49:49", "orgId": "42b59230-ec95-491e-8425-5a5befa1a469", "shortName": "Splunk"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"}], "source": {"advisory": "SVD-2022-0803", "defect": ["SPL-220982"]}, "title": "Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input", "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "prodsec@splunk.com", "DATE_PUBLIC": "2022-08-16T16:00:00.000Z", "ID": "CVE-2022-37439", "STATE": "PUBLIC", "TITLE": "Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "Splunk Enterprise", "version": {"version_data": [{"version_affected": "<", "version_name": "8.2", "version_value": "8.2.7.1"}, {"version_affected": "<", "version_name": "8.1", "version_value": "8.1.11"}]}}, {"product_name": "Universal Forwarders", "version": {"version_data": [{"version_affected": "<", "version_name": "8.2", "version_value": "8.2.7.1"}, {"version_name": "8.1", "version_value": "8.1.11"}]}}]}, "vendor_name": "Splunk"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."}]}, "impact": {"cvss": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "CWE-409"}]}]}, "references": {"reference_data": [{"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html", "refsource": "CONFIRM", "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"}, {"name": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041", "refsource": "CONFIRM", "url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"}]}, "source": {"advisory": "SVD-2022-0803", "defect": ["SPL-220982"]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-03T10:29:21.024Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"}]}]}, "cveMetadata": {"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469", "assignerShortName": "Splunk", "cveId": "CVE-2022-37439", "datePublished": "2022-08-16T19:49:49.787022Z", "dateReserved": "2022-08-05T00:00:00", "dateUpdated": "2024-09-16T22:56:21.322Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "52EBCCF6-0276-4B2C-9068-53864A39265F", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*", "matchCriteriaId": "07E949C3-48BB-4D7F-98A2-B078E7A75F1B", "versionEndExcluding": "8.2.7.1", "versionStartIncluding": "8.2.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "2479E06A-3859-4BD2-B6A4-27F664ABD800", "versionEndExcluding": "8.1.11", "versionStartIncluding": "8.1.0", "vulnerable": true}, {"criteria": "cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*", "matchCriteriaId": "8FCE9486-B97A-49C6-A269-80CE96EBCC09", "versionEndExcluding": "8.2.7.1", "versionStartIncluding": "8.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."}, {"lang": "es", "value": "En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexaci\u00f3n de un archivo ZIP especialmente dise\u00f1ado mediante la entrada de monitorizaci\u00f3n de archivos puede resultar en un bloqueo de la aplicaci\u00f3n. Los intentos de reiniciar la aplicaci\u00f3n resultar\u00edan en un bloqueo y requerir\u00edan la eliminaci\u00f3n manual del archivo malformado."}], "id": "CVE-2022-37439", "lastModified": "2024-11-21T07:14:59.880", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "prodsec@splunk.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "LOCAL", "availabilityImpact": "HIGH", "baseScore": 5.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 1.8, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2022-08-16T21:15:13.637", "references": [{"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"}, {"source": "prodsec@splunk.com", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"}], "sourceIdentifier": "prodsec@splunk.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-409"}], "source": "prodsec@splunk.com", "type": "Secondary"}, {"description": [{"lang": "en", "value": "NVD-CWE-noinfo"}], "source": "nvd@nist.gov", "type": "Primary"}]}