Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input
CVE-2022-37439

5.5MEDIUM

Key Information:

Vendor: Splunk
Status: Splunk Enterprise; Universal Forwarders
Vendor: CVE Published:; 16 August 2022

Summary

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.

Affected Version(s)

Splunk Enterprise 8.2 < 8.2.7.1

Splunk Enterprise 8.1 < 8.1.11

Universal Forwarders 8.1.11

References

https://www.splunk.com/en_us/product-security/announcemen...

x_refsource_CONFIRM

https://research.splunk.com/application/b237d393-2f57-453...

x_refsource_CONFIRM

CVSS V3.1

Score:

5.5

Severity:

MEDIUM

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Local

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Unchanged

Timeline

Vulnerability published
Aug 16, 2022
Vulnerability Reserved
Aug 5, 2022