CVE-2023-40594

In Splunk Enterprise versions lower than 8.2.12, 9.0.6, and 9.1.1, an attacker can use the printf SPL function to perform a denial of service (DoS) against the Splunk Enterprise instance.

Published: Aug 30, 2023
Updated: Sep 2, 2023
CVE: CVE-2023-40594
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
splunk / splunk_cloud_platform	-	9.0.2305.100.x
splunk / splunk	9.1.0	9.1.0.x
splunk / splunk	8.2.0	8.2.12
splunk / splunk	9.0.0	9.0.6

https://advisory.splunk.com/advisories/SVD-2023-0803
https://research.splunk.com/application/78b48d08-075c-4eac-bd07-e364c3780867/

Vulnerability Database

289,697

CVE-2023-40594