CVE-2023-40594

Summary

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

Affected Software

VendorProductVersion RangeStatus
SplunkSplunk Enterprise8.2 < 8.2.12affected
SplunkSplunk Enterprise9.0 < 9.0.6affected
SplunkSplunk Enterprise9.1 < 9.1.1affected
SplunkSplunk Cloud- < 9.0.2303.100affected

Weaknesses

  • CWE-400: The software does not properly control the allocation and maintenance of a limited resource thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References