CVE-2023-22941

MEDIUM

Splunk Enterprise <8.1.13, 8.2.10, 9.0.4 - DoS

Title source: llm

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).

Exploits (1)

nomisec STUB

by eduardosantos1989 · poc

https://github.com/eduardosantos1989/CVE-2023-22941

View Code ZIP pw:eip

References (2)

[Vendor Advisory] https://advisory.splunk.com/advisories/SVD-2023-0211

[Vendor Advisory] https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/

Scores

CVSS v3 6.5

EPSS 0.0109

EPSS Percentile 78.1%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-248

Status published

Products (2)

splunk/splunk 8.1.0 - 8.1.13

splunk/splunk_cloud_platform < 9.0.2209.3

Published Feb 14, 2023

Tracked Since Feb 18, 2026