Splunk Enterprise <9.3.1: Low-Privilege Crash via INGEST_EVAL Field Transf.: CVE-2024-45736 October 2024

Splunk Enterprise <9.3.1: Low-Privilege Crash via INGEST_EVAL Field Transf.
CVE-2024-45736 Published on October 14, 2024

Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon
In Splunk Enterprise versions below 9.3.1, 9.2.3, and 9.1.6 and Splunk Cloud Platform versions below 9.2.2403.107, 9.1.2312.204, and 9.1.2312.111, a low-privileged user that does not hold the "admin" or "power" Splunk roles could craft a search query with an improperly formatted "INGEST_EVAL" parameter as part of a [Field Transformation](https://docs.splunk.com/Documentation/Splunk/latest/Knowledge/Managefieldtransforms) which could crash the Splunk daemon (splunkd).

Weakness Type

What is a Resource Exhaustion Vulnerability?

The software does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

CVE-2024-45736 has been classified to as a Resource Exhaustion vulnerability or weakness.

Products Associated with CVE-2024-45736

You can be notified by email with stack.watch whenever vulnerabilities like CVE-2024-45736 are published in these products:

Affected Versions

Version 9.3 and below 9.3.1 is affected.

Version 9.2 and below 9.2.3 is affected.

Version 9.1 and below 9.1.6 is affected.

Version 9.2.2403 and below 9.2.2403.107 is affected.

Version 9.1.2312 and below 9.1.2312.204 is affected.

Version 9.1.2312 and below 9.1.2312.111 is affected.

Version 9.3 and below 9.3.1 is affected.

Version 9.2 and below 9.2.3 is affected.

Version 9.1 and below 9.1.6 is affected.

Version 9.2.2403 and below 9.2.2403.107 is affected.

Version 9.1.2312 and below 9.1.2312.204 is affected.

Version 9.1.2312 and below 9.1.2312.111 is affected.

Exploit Probability

EPSS

0.19%

Percentile

41.24%