CVE-2022-37439
Vulnerability from cvelistv5
Published
2022-08-16 19:49
Modified
2024-09-16 22:56
Severity ?
EPSS score ?
Summary
Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input
References
Impacted products
| ▼ | Vendor | Product |
|---|---|---|
| Splunk | Splunk Enterprise | |
| Splunk | Universal Forwarders |
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-03T10:29:21.024Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "Splunk Enterprise",
"vendor": "Splunk",
"versions": [
{
"lessThan": "8.2.7.1",
"status": "affected",
"version": "8.2",
"versionType": "custom"
},
{
"lessThan": "8.1.11",
"status": "affected",
"version": "8.1",
"versionType": "custom"
}
]
},
{
"product": "Universal Forwarders",
"vendor": "Splunk",
"versions": [
{
"status": "affected",
"version": "8.1.11"
},
{
"lessThan": "8.2.7.1",
"status": "affected",
"version": "8.2",
"versionType": "custom"
}
]
}
],
"datePublic": "2022-08-16T00:00:00",
"descriptions": [
{
"lang": "en",
"value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-409",
"description": "CWE-409",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2022-08-16T19:49:49",
"orgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"shortName": "Splunk"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"
}
],
"source": {
"advisory": "SVD-2022-0803",
"defect": [
"SPL-220982"
]
},
"title": "Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input",
"x_legacyV4Record": {
"CVE_data_meta": {
"ASSIGNER": "prodsec@splunk.com",
"DATE_PUBLIC": "2022-08-16T16:00:00.000Z",
"ID": "CVE-2022-37439",
"STATE": "PUBLIC",
"TITLE": "Malformed ZIP file crashes Universal Forwarders and Splunk Enterprise through file monitoring input"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "Splunk Enterprise",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.7.1"
},
{
"version_affected": "\u003c",
"version_name": "8.1",
"version_value": "8.1.11"
}
]
}
},
{
"product_name": "Universal Forwarders",
"version": {
"version_data": [
{
"version_affected": "\u003c",
"version_name": "8.2",
"version_value": "8.2.7.1"
},
{
"version_name": "8.1",
"version_value": "8.1.11"
}
]
}
}
]
},
"vendor_name": "Splunk"
}
]
}
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file."
}
]
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 5.5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-409"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html",
"refsource": "CONFIRM",
"url": "https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html"
},
{
"name": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041",
"refsource": "CONFIRM",
"url": "https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041"
}
]
},
"source": {
"advisory": "SVD-2022-0803",
"defect": [
"SPL-220982"
]
}
}
}
},
"cveMetadata": {
"assignerOrgId": "42b59230-ec95-491e-8425-5a5befa1a469",
"assignerShortName": "Splunk",
"cveId": "CVE-2022-37439",
"datePublished": "2022-08-16T19:49:49.787022Z",
"dateReserved": "2022-08-05T00:00:00",
"dateUpdated": "2024-09-16T22:56:21.322Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1",
"meta": {
"nvd": "{\"cve\":{\"id\":\"CVE-2022-37439\",\"sourceIdentifier\":\"prodsec@splunk.com\",\"published\":\"2022-08-16T21:15:13.637\",\"lastModified\":\"2022-08-18T19:11:51.633\",\"vulnStatus\":\"Analyzed\",\"descriptions\":[{\"lang\":\"en\",\"value\":\"In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.\"},{\"lang\":\"es\",\"value\":\"En las versiones de Splunk Enterprise y Universal Forwarder de la siguiente tabla, la indexaci\u00f3n de un archivo ZIP especialmente dise\u00f1ado mediante la entrada de monitorizaci\u00f3n de archivos puede resultar en un bloqueo de la aplicaci\u00f3n. Los intentos de reiniciar la aplicaci\u00f3n resultar\u00edan en un bloqueo y requerir\u00edan la eliminaci\u00f3n manual del archivo malformado.\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6},{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H\",\"attackVector\":\"LOCAL\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"LOW\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\",\"baseScore\":5.5,\"baseSeverity\":\"MEDIUM\"},\"exploitabilityScore\":1.8,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"NVD-CWE-noinfo\"}]},{\"source\":\"prodsec@splunk.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-409\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.11\",\"matchCriteriaId\":\"52EBCCF6-0276-4B2C-9068-53864A39265F\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:splunk:*:*:*:*:enterprise:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.7.1\",\"matchCriteriaId\":\"07E949C3-48BB-4D7F-98A2-B078E7A75F1B\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.1.0\",\"versionEndExcluding\":\"8.1.11\",\"matchCriteriaId\":\"2479E06A-3859-4BD2-B6A4-27F664ABD800\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:splunk:universal_forwarder:*:*:*:*:*:*:*:*\",\"versionStartIncluding\":\"8.2.0\",\"versionEndExcluding\":\"8.2.7.1\",\"matchCriteriaId\":\"8FCE9486-B97A-49C6-A269-80CE96EBCC09\"}]}]}],\"references\":[{\"url\":\"https://research.splunk.com/application/b237d393-2f57-4531-aad7-ad3c17c8b041\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://www.splunk.com/en_us/product-security/announcements/svd-2022-0803.html\",\"source\":\"prodsec@splunk.com\",\"tags\":[\"Vendor Advisory\"]}]}}"
}
}
Loading...
Loading...
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
- Confirmed: The vulnerability is confirmed from an analyst perspective.
- Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
- Patched: This vulnerability was successfully patched by the user reporting the sighting.
- Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
- Not confirmed: The user expresses doubt about the veracity of the vulnerability.
- Not patched: This vulnerability was not successfully patched by the user reporting the sighting.