PT-2024-7417 · Splunk · Splunk Cloud Platform+1

Danylo Dmytriiev +2 · Published 2024-10-14 · Updated 2024-10-16 · CVE-2024-45736

CVSS v2.0: 6.8 (Medium)
Vector: AV:N/AC:L/Au:S/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions:
Splunk Enterprise versions prior to 9.3.1
Splunk Enterprise versions prior to 9.2.3
Splunk Enterprise versions prior to 9.1.6
Splunk Cloud Platform versions prior to 9.2.2403.107
Splunk Cloud Platform versions prior to 9.1.2312.204
Splunk Cloud Platform versions prior to 9.1.2312.111

Description: A low-privileged user without the "admin" or "power" Splunk roles could craft a search query with an improperly formatted INGEST_EVAL parameter as part of a Field Transformation, which could crash the Splunk daemon (splunkd), resulting in a denial of service. The issue is uncontrolled resource consumption caused by the incorrectly formatted INGEST_EVAL parameter.

Recommendations:
For Splunk Enterprise versions prior to 9.3.1, update to version 9.3.1 or later.
For Splunk Enterprise versions prior to 9.2.3, update to version 9.2.3 or later.
For Splunk Enterprise versions prior to 9.1.6, update to version 9.1.6 or later.
For Splunk Cloud Platform versions prior to 9.2.2403.107, update to version 9.2.2403.107 or later.
For Splunk Cloud Platform versions prior to 9.1.2312.204, update to version 9.1.2312.204 or later.
For Splunk Cloud Platform versions prior to 9.1.2312.111, update to version 9.1.2312.111 or later.
As a temporary workaround, consider restricting access to the INGEST_EVAL parameter in Field Transformations to minimize the risk of exploitation.

Fix

Resource Exhaustion

Weakness Enumeration

Related Identifiers

BDU:2024-08791
CVE-2024-45736

Affected Products

Splunk Cloud Platform
Splunk Enterprise