CVE-2023-22941: Improperly Formatted ‘INGEST_EVAL’ Parameter Crashes Splunk Daemon

6.5 CVSS

Description

In Splunk Enterprise versions below 8.1.13, 8.2.10, and 9.0.4, an improperly-formatted ‘INGEST_EVAL’ parameter in a Field Transformation crashes the Splunk daemon (splunkd).

Classification

CVE ID: CVE-2023-22941

CVSS Base Severity: MEDIUM

CVSS Base Score: 6.5

Affected Products

Vendor: Splunk

Product: Splunk Enterprise

Exploit Prediction Scoring System (EPSS)

EPSS Score: 0.1% (probability of being exploited)

EPSS Percentile: 42.95% (share of scored vulnerabilities with an EPSS score less than or equal to this one)

EPSS Date: 2025-02-03 (date this score was calculated)

References

https://advisory.splunk.com/advisories/SVD-2023-0211
https://research.splunk.com/application/08978eca-caff-44c1-84dc-53f17def4e14/

Timeline