CVE-2023-40594

MEDIUM

Splunk Enterprise <8.2.12,9.0.6,9.1.1 - DoS

Title source: llm

Description

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the `printf` SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

References (2)

Core 2

Core References

Vendor Advisory

https://advisory.splunk.com/advisories/SVD-2023-0803

Vendor Advisory

https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/

Scores

CVSS v3 6.5

EPSS 0.0011

EPSS Percentile 29.5%

Attack Vector LOCAL

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-400

Status published

Products (3)

splunk/splunk 9.1.0

splunk/splunk 8.2.0 - 8.2.12

splunk/splunk_cloud_platform < 9.0.2305.100

Published Aug 30, 2023

Tracked Since Feb 18, 2026