Splunk Enterprise update for third-party components
| Risk | High |
| Patch available | YES |
| Number of vulnerabilities | 12 |
| CVE-ID | CVE-2024-36114 CVE-2024-36129 CVE-2024-5535 CVE-2021-44531 CVE-2024-45296 CVE-2024-4067 CVE-2024-6531 CVE-2024-26308 CVE-2024-25710 CVE-2024-42459 CVE-2024-42460 CVE-2024-42461 |
| CWE-ID | CWE-401 CWE-119 CWE-125 CWE-295 CWE-1333 CWE-185 CWE-79 CWE-400 CWE-835 CWE-347 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
Splunk Enterprise Server applications / IDS/IPS systems, Firewalls and proxy servers |
| Vendor | Splunk Inc. |
Security Bulletin
This security bulletin contains information about 12 vulnerabilities.
1) Memory leak
EUVDB-ID: #VU99350
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-36114
CWE-ID:
CWE-401 - Missing release of memory after effective lifetime
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform DoS attack on the target system.
The vulnerability exists due memory leak when handling untrusted input. A remote attacker can force the application to leak memory and perform denial of service attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Buffer overflow
EUVDB-ID: #VU91596
Risk: High
CVSSv4.0: 6.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:H/SC:N/SI:N/SA:N/E:U/U:Amber]
CVE-ID: CVE-2024-36129
CWE-ID:
CWE-119 - Memory corruption
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error within the Zip/Decompression Bomb sent over HTTP or gRPC. A remote attacker can trigger memory corruption and cause a denial of service condition on the target system.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
3) Out-of-bounds read
EUVDB-ID: #VU93424
Risk: Low
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-5535
CWE-ID:
CWE-125 - Out-of-bounds read
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary condition within the SSL_select_next_proto() function when using NPN. A remote attacker can send specially crafted data to the application, trigger an out-of-bounds read and perform a denial of service (DoS) attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
4) Improper Certificate Validation
EUVDB-ID: #VU59548
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2021-44531
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform spoofing attack.
The
vulnerability exists due to insufficient validation of URI Subject
Alternative Names. Node.js accepts arbitrary Subject Alternative Name
(SAN) types, unless a PKI
is specifically defined to use a particular SAN type. A remote attacker
can bypass name-constrained intermediates and perform spoofing attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
5) Inefficient regular expression complexity
EUVDB-ID: #VU98132
Risk: Low
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear]
CVE-ID: CVE-2024-45296
CWE-ID:
CWE-1333 - Inefficient Regular Expression Complexity
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to insufficient input validation when processing untrusted input with a regular expressions. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
6) Incorrect Regular Expression
EUVDB-ID: #VU92406
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-4067
CWE-ID:
CWE-185 - Incorrect Regular Expression
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability occurs in `micromatch.braces()` in `index.js` because the pattern `.*` will greedily match anything. A remote attacker can pass specially crafted data to the application and perform regular expression denial of service (ReDos) attack.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
7) Cross-site scripting
EUVDB-ID: #VU97689
Risk: Medium
CVSSv4.0: 1.2 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:N/SC:L/SI:L/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-6531
CWE-ID:
CWE-79 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
Exploit availability: No
DescriptionThe disclosed vulnerability allows a remote attacker to perform cross-site scripting (XSS) attacks.
The vulnerability exists due to insufficient sanitization of user-supplied data passed via an anchor element (<a>), when used for carousel navigation with a data-slide attribute. A remote attacker can execute arbitrary JavaScript code in user's browser in context of vulnerable website.
Successful exploitation of this vulnerability may allow a remote attacker to steal potentially sensitive information, change appearance of the web page, perform phishing and drive-by-download attacks.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
8) Resource exhaustion
EUVDB-ID: #VU86625
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-26308
CWE-ID:
CWE-400 - Resource exhaustion
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to application does not properly control consumption of memory when unpacking a broken Pack200 file. A remote attacker can trigger resource exhaustion and perform a denial of service (DoS) attack.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
9) Infinite loop
EUVDB-ID: #VU86624
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:N/VA:H/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-25710
CWE-ID:
CWE-835 - Loop with Unreachable Exit Condition ('Infinite Loop')
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to infinite loop when processing a corrupt DUMP file. A remote attacker can consume all available system resources and cause denial of service conditions.
MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
10) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU97606
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-42459
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling EDDSA signatures. A remote attacker can bypass signature-based security checks. MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
11) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU97605
Risk: Medium
CVSSv4.0: 1.7 [CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-42460
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling ECDSA signatures. A remote attacker can bypass signature-based security checks. MitigationInstall update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
12) Improper Verification of Cryptographic Signature
EUVDB-ID: #VU97604
Risk: Medium
CVSSv4.0: 2.7 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2024-42461
CWE-ID:
CWE-347 - Improper Verification of Cryptographic Signature
Exploit availability: No
DescriptionThe vulnerability allows a remote attacker to bypass implemented security restrictions.
The vulnerability exists due to an error when handling BER-encoded ECDSA signatures. A remote attacker can bypass signature-based security checks.
Install update from vendor's website.
Vulnerable software versionsSplunk Enterprise: 9.0.0 - 9.3.1
CPE2.3- cpe:2.3:a:splunk:splunk_enterprise:9.0.10:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.1.6:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.2.3:*:*:*:*:*:*:*
- cpe:2.3:a:splunk:splunk_enterprise:9.3.1:*:*:*:*:*:*:*
https://advisory.splunk.com/advisories/SVD-2024-1206
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
