CVE-2021-3422Out-of-bounds Read in Splunk

CWE-125Out-of-bounds ReadCWE-20Improper Input Validation3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 39.75%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
SplunkSplunk Enterprise
Timeline
PublishedMar 25
Latest updateMar 26

Description

The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured to index Universal Forwarder traffic. The vulnerability impacts Splunk Enterprise versions before 7.3.9, 8.0 versions before 8.0.9, and 8.1 versions before 8.1.3. It does not impact Universal Forwarders. When Splunk forwarding is secured using TLS or a Token, the attack requires compromising the certificate or token, or both. Implementation of eith

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages2 packages

CVEListV5splunk/splunk_enterprise4 versions+3
NVDsplunk/splunk8.08.0.9+2

🔴Vulnerability Details

2
GHSA
GHSA-4c93-wvp2-c39r: The lack of validation of a key-value field in the Splunk-to-Splunk protocol results in a denial-of-service in Splunk Enterprise instances configured2022-03-26
CVEList
Indexer denial-of-service via malformed S2S request2022-03-25
CVE-2021-3422 — Out-of-bounds Read in Splunk | cvebase