CVE-2023-22941

Summary

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise8.1 < 8.1.13affected
SplunkSplunk Enterprise8.2 < 8.2.10affected
SplunkSplunk Enterprise9.0 < 9.0.4affected
SplunkSplunk Cloud Platform- < 9.0.2212affected

Weaknesses

  • CWE-248: An exception is thrown from a function, but it is not caught.

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

CVE Program Container

Additional References

References