Vulnerability-Lookup

CVE-2023-32695 (GCVE-0-2023-32695)

Vulnerability from cvelistv5 – Published: 2023-05-27 15:44 – Updated: 2025-01-13 21:03

Title

Insufficient validation when decoding a Socket.IO packet

Summary

socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.

Severity ?

7.3 (High)


                        
                          CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

CWE

CWE-20 - Improper Input Validation

Assigner

GitHub_M

References

4 references

URL	Tags
https://github.com/socketio/socket.io-parser/secu…	x_refsource_CONFIRM
https://github.com/socketio/socket.io-parser/comm…	x_refsource_MISC
https://github.com/socketio/socket.io-parser/comm…	x_refsource_MISC
https://github.com/socketio/socket.io-parser/rele…	x_refsource_MISC

Impacted products

1 product

Vendor	Product	Version
socketio	socket.io-parser	Affected: >= 4.0.0, < 4.2.3 Affected: >= 3.4.0, < 3.4.3

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "providerMetadata": {
          "dateUpdated": "2024-08-02T15:25:36.835Z",
          "orgId": "af854a3a-2127-422b-91ae-364da2661108",
          "shortName": "CVE"
        },
        "references": [
          {
            "name": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9",
            "tags": [
              "x_refsource_CONFIRM",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
          },
          {
            "name": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
          },
          {
            "name": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
          },
          {
            "name": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3",
            "tags": [
              "x_refsource_MISC",
              "x_transferred"
            ],
            "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
          }
        ],
        "title": "CVE Program Container"
      },
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2023-32695",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "yes"
                  },
                  {
                    "Technical Impact": "partial"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2025-01-13T21:03:23.583073Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2025-01-13T21:03:34.130Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "product": "socket.io-parser",
          "vendor": "socketio",
          "versions": [
            {
              "status": "affected",
              "version": "\u003e= 4.0.0, \u003c 4.2.3"
            },
            {
              "status": "affected",
              "version": "\u003e= 3.4.0, \u003c 3.4.3"
            }
          ]
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n"
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-20",
              "description": "CWE-20: Improper Input Validation",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2023-05-27T15:44:03.235Z",
        "orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
        "shortName": "GitHub_M"
      },
      "references": [
        {
          "name": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9",
          "tags": [
            "x_refsource_CONFIRM"
          ],
          "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
        },
        {
          "name": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
        },
        {
          "name": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
        },
        {
          "name": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3",
          "tags": [
            "x_refsource_MISC"
          ],
          "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
        }
      ],
      "source": {
        "advisory": "GHSA-cqmj-92xf-r6r9",
        "discovery": "UNKNOWN"
      },
      "title": "Insufficient validation when decoding a Socket.IO packet"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
    "assignerShortName": "GitHub_M",
    "cveId": "CVE-2023-32695",
    "datePublished": "2023-05-27T15:44:03.235Z",
    "dateReserved": "2023-05-11T16:33:45.733Z",
    "dateUpdated": "2025-01-13T21:03:34.130Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.1",
  "vulnerability-lookup:meta": {
    "epss": {
      "cve": "CVE-2023-32695",
      "date": "2026-05-15",
      "epss": "0.0031",
      "percentile": "0.54268"
    },
    "fkie_nvd": {
      "configurations": "[{\"nodes\": [{\"operator\": \"OR\", \"negate\": false, \"cpeMatch\": [{\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"3.4.0\", \"versionEndExcluding\": \"3.4.3\", \"matchCriteriaId\": \"1DC31C5F-524B-478D-A85F-0D4F4DCCFF28\"}, {\"vulnerable\": true, \"criteria\": \"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*\", \"versionStartIncluding\": \"4.0.4\", \"versionEndExcluding\": \"4.2.3\", \"matchCriteriaId\": \"994E08C3-8408-4FA3-AA7A-A2C13CD20AC9\"}]}]}]",
      "descriptions": "[{\"lang\": \"en\", \"value\": \"socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\\n\\n\"}]",
      "id": "CVE-2023-32695",
      "lastModified": "2024-11-21T08:03:52.187",
      "metrics": "{\"cvssMetricV31\": [{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"baseScore\": 7.3, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"LOW\", \"integrityImpact\": \"LOW\", \"availabilityImpact\": \"LOW\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.4}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"cvssData\": {\"version\": \"3.1\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\", \"baseScore\": 7.5, \"baseSeverity\": \"HIGH\", \"attackVector\": \"NETWORK\", \"attackComplexity\": \"LOW\", \"privilegesRequired\": \"NONE\", \"userInteraction\": \"NONE\", \"scope\": \"UNCHANGED\", \"confidentialityImpact\": \"NONE\", \"integrityImpact\": \"NONE\", \"availabilityImpact\": \"HIGH\"}, \"exploitabilityScore\": 3.9, \"impactScore\": 3.6}]}",
      "published": "2023-05-27T16:15:09.433",
      "references": "[{\"url\": \"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\", \"source\": \"security-advisories@github.com\", \"tags\": [\"Vendor Advisory\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Patch\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Release Notes\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\", \"source\": \"af854a3a-2127-422b-91ae-364da2661108\", \"tags\": [\"Vendor Advisory\"]}]",
      "sourceIdentifier": "security-advisories@github.com",
      "vulnStatus": "Modified",
      "weaknesses": "[{\"source\": \"security-advisories@github.com\", \"type\": \"Secondary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-20\"}]}, {\"source\": \"nvd@nist.gov\", \"type\": \"Primary\", \"description\": [{\"lang\": \"en\", \"value\": \"CWE-754\"}]}]"
    },
    "nvd": "{\"cve\":{\"id\":\"CVE-2023-32695\",\"sourceIdentifier\":\"security-advisories@github.com\",\"published\":\"2023-05-27T16:15:09.433\",\"lastModified\":\"2024-11-21T08:03:52.187\",\"vulnStatus\":\"Modified\",\"cveTags\":[],\"descriptions\":[{\"lang\":\"en\",\"value\":\"socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\\n\\n\"}],\"metrics\":{\"cvssMetricV31\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\",\"baseScore\":7.3,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"LOW\",\"integrityImpact\":\"LOW\",\"availabilityImpact\":\"LOW\"},\"exploitabilityScore\":3.9,\"impactScore\":3.4},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"cvssData\":{\"version\":\"3.1\",\"vectorString\":\"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H\",\"baseScore\":7.5,\"baseSeverity\":\"HIGH\",\"attackVector\":\"NETWORK\",\"attackComplexity\":\"LOW\",\"privilegesRequired\":\"NONE\",\"userInteraction\":\"NONE\",\"scope\":\"UNCHANGED\",\"confidentialityImpact\":\"NONE\",\"integrityImpact\":\"NONE\",\"availabilityImpact\":\"HIGH\"},\"exploitabilityScore\":3.9,\"impactScore\":3.6}]},\"weaknesses\":[{\"source\":\"security-advisories@github.com\",\"type\":\"Secondary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-20\"}]},{\"source\":\"nvd@nist.gov\",\"type\":\"Primary\",\"description\":[{\"lang\":\"en\",\"value\":\"CWE-754\"}]}],\"configurations\":[{\"nodes\":[{\"operator\":\"OR\",\"negate\":false,\"cpeMatch\":[{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"3.4.0\",\"versionEndExcluding\":\"3.4.3\",\"matchCriteriaId\":\"1DC31C5F-524B-478D-A85F-0D4F4DCCFF28\"},{\"vulnerable\":true,\"criteria\":\"cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*\",\"versionStartIncluding\":\"4.0.4\",\"versionEndExcluding\":\"4.2.3\",\"matchCriteriaId\":\"994E08C3-8408-4FA3-AA7A-A2C13CD20AC9\"}]}]}],\"references\":[{\"url\":\"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\",\"source\":\"security-advisories@github.com\",\"tags\":[\"Vendor Advisory\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Patch\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Release Notes\"]},{\"url\":\"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\",\"source\":\"af854a3a-2127-422b-91ae-364da2661108\",\"tags\":[\"Vendor Advisory\"]}]}}",
    "vulnrichment": {
      "containers": "{\"adp\": [{\"title\": \"CVE Program Container\", \"references\": [{\"url\": \"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\", \"name\": \"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\", \"tags\": [\"x_refsource_CONFIRM\", \"x_transferred\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\", \"name\": \"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\", \"name\": \"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\", \"name\": \"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\", \"tags\": [\"x_refsource_MISC\", \"x_transferred\"]}], \"providerMetadata\": {\"orgId\": \"af854a3a-2127-422b-91ae-364da2661108\", \"shortName\": \"CVE\", \"dateUpdated\": \"2024-08-02T15:25:36.835Z\"}}, {\"title\": \"CISA ADP Vulnrichment\", \"metrics\": [{\"other\": {\"type\": \"ssvc\", \"content\": {\"id\": \"CVE-2023-32695\", \"role\": \"CISA Coordinator\", \"options\": [{\"Exploitation\": \"none\"}, {\"Automatable\": \"yes\"}, {\"Technical Impact\": \"partial\"}], \"version\": \"2.0.3\", \"timestamp\": \"2025-01-13T21:03:23.583073Z\"}}}], \"providerMetadata\": {\"orgId\": \"134c704f-9b21-4f2e-91b3-4a467353bcc0\", \"shortName\": \"CISA-ADP\", \"dateUpdated\": \"2025-01-13T21:03:27.848Z\"}}], \"cna\": {\"title\": \"Insufficient validation when decoding a Socket.IO packet\", \"source\": {\"advisory\": \"GHSA-cqmj-92xf-r6r9\", \"discovery\": \"UNKNOWN\"}, \"metrics\": [{\"cvssV3_1\": {\"scope\": \"UNCHANGED\", \"version\": \"3.1\", \"baseScore\": 7.3, \"attackVector\": \"NETWORK\", \"baseSeverity\": \"HIGH\", \"vectorString\": \"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L\", \"integrityImpact\": \"LOW\", \"userInteraction\": \"NONE\", \"attackComplexity\": \"LOW\", \"availabilityImpact\": \"LOW\", \"privilegesRequired\": \"NONE\", \"confidentialityImpact\": \"LOW\"}}], \"affected\": [{\"vendor\": \"socketio\", \"product\": \"socket.io-parser\", \"versions\": [{\"status\": \"affected\", \"version\": \"\u003e= 4.0.0, \u003c 4.2.3\"}, {\"status\": \"affected\", \"version\": \"\u003e= 3.4.0, \u003c 3.4.3\"}]}], \"references\": [{\"url\": \"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\", \"name\": \"https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9\", \"tags\": [\"x_refsource_CONFIRM\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\", \"name\": \"https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\", \"name\": \"https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3\", \"tags\": [\"x_refsource_MISC\"]}, {\"url\": \"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\", \"name\": \"https://github.com/socketio/socket.io-parser/releases/tag/4.2.3\", \"tags\": [\"x_refsource_MISC\"]}], \"descriptions\": [{\"lang\": \"en\", \"value\": \"socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\\n\\n\"}], \"problemTypes\": [{\"descriptions\": [{\"lang\": \"en\", \"type\": \"CWE\", \"cweId\": \"CWE-20\", \"description\": \"CWE-20: Improper Input Validation\"}]}], \"providerMetadata\": {\"orgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"shortName\": \"GitHub_M\", \"dateUpdated\": \"2023-05-27T15:44:03.235Z\"}}}",
      "cveMetadata": "{\"cveId\": \"CVE-2023-32695\", \"state\": \"PUBLISHED\", \"dateUpdated\": \"2025-01-13T21:03:34.130Z\", \"dateReserved\": \"2023-05-11T16:33:45.733Z\", \"assignerOrgId\": \"a0819718-46f1-4df5-94e2-005712e83aaa\", \"datePublished\": \"2023-05-27T15:44:03.235Z\", \"assignerShortName\": \"GitHub_M\"}",
      "dataType": "CVE_RECORD",
      "dataVersion": "5.1"
    }
  }
}

CERTFR-2024-AVI-0015

Vulnerability from certfr_avis - Published: - Updated:

De multiples vulnérabilités ont été découvertes dans les produits Splunk. Elles permettent à un attaquant de provoquer un problème de sécurité non spécifié par l'éditeur et un déni de service à distance.

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Splunk	N/A	Splunk User Behavior Analytics (UBA) versions antérieures à 5.2.1
	Splunk	Splunk Enterprise	Splunk Enterprise Security (ES) versions antérieures à 7.1.2

References

Title

Publication Time

CERTFR-2024-AVI-0015

Vulnerability from certfr_avis - Published: - Updated:

Solution

Se référer au bulletin de sécurité de l'éditeur pour l'obtention des correctifs (cf. section Documentation).

None

Impacted products

	Vendor	Product	Description
	Splunk	N/A	Splunk User Behavior Analytics (UBA) versions antérieures à 5.2.1
	Splunk	Splunk Enterprise	Splunk Enterprise Security (ES) versions antérieures à 7.1.2

References

Title

Publication Time

GSD-2023-32695

Vulnerability from gsd - Updated: 2023-12-13 01:20

Details

Aliases

CVE-2023-32695

Aliases

CVE-2023-32695

JSON

To clipboard

{
  "GSD": {
    "alias": "CVE-2023-32695",
    "id": "GSD-2023-32695"
  },
  "gsd": {
    "metadata": {
      "exploitCode": "unknown",
      "remediation": "unknown",
      "reportConfidence": "confirmed",
      "type": "vulnerability"
    },
    "osvSchema": {
      "aliases": [
        "CVE-2023-32695"
      ],
      "details": "socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n",
      "id": "GSD-2023-32695",
      "modified": "2023-12-13T01:20:23.284054Z",
      "schema_version": "1.4.0"
    }
  },
  "namespaces": {
    "cve.org": {
      "CVE_data_meta": {
        "ASSIGNER": "security-advisories@github.com",
        "ID": "CVE-2023-32695",
        "STATE": "PUBLIC"
      },
      "affects": {
        "vendor": {
          "vendor_data": [
            {
              "product": {
                "product_data": [
                  {
                    "product_name": "socket.io-parser",
                    "version": {
                      "version_data": [
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 4.0.0, \u003c 4.2.3"
                        },
                        {
                          "version_affected": "=",
                          "version_value": "\u003e= 3.4.0, \u003c 3.4.3"
                        }
                      ]
                    }
                  }
                ]
              },
              "vendor_name": "socketio"
            }
          ]
        }
      },
      "data_format": "MITRE",
      "data_type": "CVE",
      "data_version": "4.0",
      "description": {
        "description_data": [
          {
            "lang": "eng",
            "value": "socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n"
          }
        ]
      },
      "impact": {
        "cvss": [
          {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "LOW",
            "baseScore": 7.3,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "LOW",
            "integrityImpact": "LOW",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
            "version": "3.1"
          }
        ]
      },
      "problemtype": {
        "problemtype_data": [
          {
            "description": [
              {
                "cweId": "CWE-20",
                "lang": "eng",
                "value": "CWE-20: Improper Input Validation"
              }
            ]
          }
        ]
      },
      "references": {
        "reference_data": [
          {
            "name": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9",
            "refsource": "MISC",
            "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
          },
          {
            "name": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced",
            "refsource": "MISC",
            "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
          },
          {
            "name": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3",
            "refsource": "MISC",
            "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
          },
          {
            "name": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3",
            "refsource": "MISC",
            "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
          }
        ]
      },
      "source": {
        "advisory": "GHSA-cqmj-92xf-r6r9",
        "discovery": "UNKNOWN"
      }
    },
    "gitlab.com": {
      "advisories": [
        {
          "affected_range": "\u003e=3.4.0 \u003c3.4.3||\u003e=4.0.4 \u003c4.2.3",
          "affected_versions": "All versions starting from 3.4.0 before 3.4.3, all versions starting from 4.0.4 before 4.2.3",
          "cvss_v3": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "cwe_ids": [
            "CWE-1035",
            "CWE-754",
            "CWE-937"
          ],
          "date": "2023-06-05",
          "description": "### Impact\n\nA specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.",
          "fixed_versions": [
            "3.4.3",
            "4.2.3"
          ],
          "identifier": "CVE-2023-32695",
          "identifiers": [
            "CVE-2023-32695",
            "GHSA-cqmj-92xf-r6r9"
          ],
          "not_impacted": "All versions before 3.4.0, all versions starting from 3.4.3 before 4.0.4, all versions starting from 4.2.3",
          "package_slug": "npm/socket.io-parser",
          "pubdate": "2023-05-27",
          "solution": "Upgrade to versions 3.4.3, 4.2.3 or above.",
          "title": "Insufficient validation when decoding a Socket.IO packet",
          "urls": [
            "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9",
            "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced",
            "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3",
            "https://github.com/advisories/GHSA-cqmj-92xf-r6r9"
          ],
          "uuid": "6dd4573e-2885-41e1-8bdd-97f7c3dc0fa8"
        }
      ]
    },
    "nvd.nist.gov": {
      "configurations": {
        "CVE_data_version": "4.0",
        "nodes": [
          {
            "children": [],
            "cpe_match": [
              {
                "cpe23Uri": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "4.2.3",
                "versionStartIncluding": "4.0.4",
                "vulnerable": true
              },
              {
                "cpe23Uri": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*",
                "cpe_name": [],
                "versionEndExcluding": "3.4.3",
                "versionStartIncluding": "3.4.0",
                "vulnerable": true
              }
            ],
            "operator": "OR"
          }
        ]
      },
      "cve": {
        "CVE_data_meta": {
          "ASSIGNER": "security-advisories@github.com",
          "ID": "CVE-2023-32695"
        },
        "data_format": "MITRE",
        "data_type": "CVE",
        "data_version": "4.0",
        "description": {
          "description_data": [
            {
              "lang": "en",
              "value": "socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n"
            }
          ]
        },
        "problemtype": {
          "problemtype_data": [
            {
              "description": [
                {
                  "lang": "en",
                  "value": "CWE-754"
                }
              ]
            }
          ]
        },
        "references": {
          "reference_data": [
            {
              "name": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3",
              "refsource": "MISC",
              "tags": [
                "Release Notes"
              ],
              "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
            },
            {
              "name": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
            },
            {
              "name": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced",
              "refsource": "MISC",
              "tags": [
                "Patch"
              ],
              "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
            },
            {
              "name": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9",
              "refsource": "MISC",
              "tags": [
                "Vendor Advisory"
              ],
              "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
            }
          ]
        }
      },
      "impact": {
        "baseMetricV3": {
          "cvssV3": {
            "attackComplexity": "LOW",
            "attackVector": "NETWORK",
            "availabilityImpact": "HIGH",
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "confidentialityImpact": "NONE",
            "integrityImpact": "NONE",
            "privilegesRequired": "NONE",
            "scope": "UNCHANGED",
            "userInteraction": "NONE",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "exploitabilityScore": 3.9,
          "impactScore": 3.6
        }
      },
      "lastModifiedDate": "2023-06-05T15:54Z",
      "publishedDate": "2023-05-27T16:15Z"
    }
  }
}

WID-SEC-W-2023-1800

Vulnerability from csaf_certbund - Published: 2023-07-18 22:00 - Updated: 2023-07-18 22:00

Summary

HCL BigFix: Mehrere Schwachstellen

Severity

Mittel

Notes

Das BSI ist als Anbieter für die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch dafür verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgfältig im Einzelfall zu prüfen.

Produktbeschreibung: BigFix ist eine Lösung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix WebUI ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.

Betroffene Betriebssysteme: - UNIX - Linux - Windows

CVE-2023-32695

In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuführen.

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-31125

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-30533

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-28155

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-28023

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-28021

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-28020

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2023-28019

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

CVE-2021-43138

Affected products

Known affected 1 product

Product	Identifier	Version	Remediation
HCL BigFix WebUI HCL	`cpe:/a:hcltech:bigfix:webui`	—

References

3 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://support.hcltechsw.com/csm?id=kb_article&s…	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "mittel"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "BigFix ist eine L\u00f6sung zum Erkennen und Verwalten von physischen und virtuellen Endpunkten.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in HCL BigFix WebUI ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- UNIX\n- Linux\n- Windows",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2023-1800 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2023/wid-sec-w-2023-1800.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2023-1800 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2023-1800"
      },
      {
        "category": "external",
        "summary": "HCL Security Advisory vom 2023-07-18",
        "url": "https://support.hcltechsw.com/csm?id=kb_article\u0026sysparm_article=KB0106123"
      }
    ],
    "source_lang": "en-US",
    "title": "HCL BigFix: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2023-07-18T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T17:55:49.788+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2023-1800",
      "initial_release_date": "2023-07-18T22:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2023-07-18T22:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "category": "product_name",
            "name": "HCL BigFix WebUI",
            "product": {
              "name": "HCL BigFix WebUI",
              "product_id": "T023767",
              "product_identification_helper": {
                "cpe": "cpe:/a:hcltech:bigfix:webui"
              }
            }
          }
        ],
        "category": "vendor",
        "name": "HCL"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-32695",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-32695"
    },
    {
      "cve": "CVE-2023-31125",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-31125"
    },
    {
      "cve": "CVE-2023-30533",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-30533"
    },
    {
      "cve": "CVE-2023-28155",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28155"
    },
    {
      "cve": "CVE-2023-28023",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28023"
    },
    {
      "cve": "CVE-2023-28021",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28021"
    },
    {
      "cve": "CVE-2023-28020",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28020"
    },
    {
      "cve": "CVE-2023-28019",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2023-28019"
    },
    {
      "cve": "CVE-2021-43138",
      "notes": [
        {
          "category": "description",
          "text": "In HCL BigFix WebUI existieren mehrere Schwachstellen. Diese bestehen in verschiedenen Komponenten, teilweise von Drittanbietern. Ein entfernter, anonymer oder authentisierter Angreifer kann diese Schwachstellen ausnutzen, um seine Privilegien zu erweitern, Dateien zu manipulieren, Informationen offenzulegen, Sicherheitsvorkehrungen zu umgehen oder einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T023767"
        ]
      },
      "release_date": "2023-07-18T22:00:00.000+00:00",
      "title": "CVE-2021-43138"
    }
  ]
}

WID-SEC-W-2024-0049

Vulnerability from csaf_certbund - Published: 2024-01-09 23:00 - Updated: 2024-07-01 22:00

Summary

Splunk Enterprise: Mehrere Schwachstellen

Severity

Hoch

Notes

Produktbeschreibung: Splunk Enterprise ermöglicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.

Angriff: Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder unbekannte Auswirkungen zu verursachen.

Betroffene Betriebssysteme: - Linux - UNIX

CVE-2015-5237

In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zurückzuführen. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuführen, einen Denial of Service Zustand herbeizuführen oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen benötigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2021-23446

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-25883

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-3171

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-3509

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-3510

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-37599

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-37601

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-37603

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2022-46175

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2023-2976

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2023-32695

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2023-45133

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2024-22164

In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente "Investigator" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zurückzuführen. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuführen.

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

CVE-2024-22165

Affected products

Known affected 3 products

Product	Identifier	Version	Remediation
Splunk Splunk Enterprise <9.0.9 Splunk / Splunk Enterprise		<9.0.9
Splunk Splunk Enterprise <9.1.4 Splunk / Splunk Enterprise		<9.1.4
Splunk Splunk Enterprise <9.2.1 Splunk / Splunk Enterprise		<9.2.1

References

8 references

URL	Category
https://wid.cert-bund.de/.well-known/csaf/white/2…	self
https://wid.cert-bund.de/portal/wid/securityadvis…	self
https://advisory.splunk.com//advisories/SVD-2024-0101	external
https://advisory.splunk.com//advisories/SVD-2024-0102	external
https://advisory.splunk.com//advisories/SVD-2024-0103	external
https://advisory.splunk.com//advisories/SVD-2024-0104	external
https://advisory.splunk.com//advisories/SVD-2024-0112	external
https://advisory.splunk.com/advisories/SVD-2024-0718	external

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "text": "hoch"
    },
    "category": "csaf_base",
    "csaf_version": "2.0",
    "distribution": {
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "de-DE",
    "notes": [
      {
        "category": "legal_disclaimer",
        "text": "Das BSI ist als Anbieter f\u00fcr die eigenen, zur Nutzung bereitgestellten Inhalte nach den allgemeinen Gesetzen verantwortlich. Nutzerinnen und Nutzer sind jedoch daf\u00fcr verantwortlich, die Verwendung und/oder die Umsetzung der mit den Inhalten bereitgestellten Informationen sorgf\u00e4ltig im Einzelfall zu pr\u00fcfen."
      },
      {
        "category": "description",
        "text": "Splunk Enterprise erm\u00f6glicht Monitoring und Analyse von Clickstream-Daten und Kundentransaktionen.",
        "title": "Produktbeschreibung"
      },
      {
        "category": "summary",
        "text": "Ein entfernter, anonymer Angreifer kann mehrere Schwachstellen in Splunk Enterprise ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen.",
        "title": "Angriff"
      },
      {
        "category": "general",
        "text": "- Linux\n- UNIX",
        "title": "Betroffene Betriebssysteme"
      }
    ],
    "publisher": {
      "category": "other",
      "contact_details": "csaf-provider@cert-bund.de",
      "name": "Bundesamt f\u00fcr Sicherheit in der Informationstechnik",
      "namespace": "https://www.bsi.bund.de"
    },
    "references": [
      {
        "category": "self",
        "summary": "WID-SEC-W-2024-0049 - CSAF Version",
        "url": "https://wid.cert-bund.de/.well-known/csaf/white/2024/wid-sec-w-2024-0049.json"
      },
      {
        "category": "self",
        "summary": "WID-SEC-2024-0049 - Portal Version",
        "url": "https://wid.cert-bund.de/portal/wid/securityadvisory?name=WID-SEC-2024-0049"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0101 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0101"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0102 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0102"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0103 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0103"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0104 vom 2024-01-09",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0104"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0112 vom 2024-01-30",
        "url": "https://advisory.splunk.com//advisories/SVD-2024-0112"
      },
      {
        "category": "external",
        "summary": "Splunk Security Advisory SVD-2024-0718 vom 2024-07-02",
        "url": "https://advisory.splunk.com/advisories/SVD-2024-0718"
      }
    ],
    "source_lang": "en-US",
    "title": "Splunk Enterprise: Mehrere Schwachstellen",
    "tracking": {
      "current_release_date": "2024-07-01T22:00:00.000+00:00",
      "generator": {
        "date": "2024-08-15T18:03:28.208+00:00",
        "engine": {
          "name": "BSI-WID",
          "version": "1.3.5"
        }
      },
      "id": "WID-SEC-W-2024-0049",
      "initial_release_date": "2024-01-09T23:00:00.000+00:00",
      "revision_history": [
        {
          "date": "2024-01-09T23:00:00.000+00:00",
          "number": "1",
          "summary": "Initiale Fassung"
        },
        {
          "date": "2024-01-30T23:00:00.000+00:00",
          "number": "2",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        },
        {
          "date": "2024-07-01T22:00:00.000+00:00",
          "number": "3",
          "summary": "Neue Updates von Splunk-SVD aufgenommen"
        }
      ],
      "status": "final",
      "version": "3"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version_range",
                "name": "Security \u003c7.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.3.0",
                  "product_id": "T031923"
                }
              },
              {
                "category": "product_version_range",
                "name": "Security \u003c7.2.0",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.2.0",
                  "product_id": "T031924"
                }
              },
              {
                "category": "product_version_range",
                "name": "Security \u003c7.1.2",
                "product": {
                  "name": "Splunk Splunk Enterprise Security \u003c7.1.2",
                  "product_id": "T031925"
                }
              },
              {
                "category": "product_version_range",
                "name": "UBA \u003c5.3.0",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA \u003c5.3.0",
                  "product_id": "T031926"
                }
              },
              {
                "category": "product_version_range",
                "name": "UBA \u003c5.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise UBA \u003c5.2.1",
                  "product_id": "T031927"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.2.1",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.2.1",
                  "product_id": "T033705"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.1.4",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.1.4",
                  "product_id": "T033718"
                }
              },
              {
                "category": "product_version_range",
                "name": "\u003c9.0.9",
                "product": {
                  "name": "Splunk Splunk Enterprise \u003c9.0.9",
                  "product_id": "T033720"
                }
              }
            ],
            "category": "product_name",
            "name": "Splunk Enterprise"
          }
        ],
        "category": "vendor",
        "name": "Splunk"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2015-5237",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2015-5237"
    },
    {
      "cve": "CVE-2021-23446",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2021-23446"
    },
    {
      "cve": "CVE-2022-25883",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-25883"
    },
    {
      "cve": "CVE-2022-3171",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3171"
    },
    {
      "cve": "CVE-2022-3509",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3509"
    },
    {
      "cve": "CVE-2022-3510",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-3510"
    },
    {
      "cve": "CVE-2022-37599",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37599"
    },
    {
      "cve": "CVE-2022-37601",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37601"
    },
    {
      "cve": "CVE-2022-37603",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-37603"
    },
    {
      "cve": "CVE-2022-46175",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2022-46175"
    },
    {
      "cve": "CVE-2023-2976",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-2976"
    },
    {
      "cve": "CVE-2023-32695",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-32695"
    },
    {
      "cve": "CVE-2023-45133",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese sind auf Fehler bei Komponenten von Drittanbietern zur\u00fcckzuf\u00fchren. Ein entfernter, anonymer Angreifer kann diese Schwachstellen ausnutzen, um beliebigen Programmcode auszuf\u00fchren, einen Denial of Service Zustand herbeizuf\u00fchren oder unbekannte Auswirkungen zu verursachen. Einige der Schwachstellen ben\u00f6tigen eine Benutzerinteraktion zur erfolgreichen Ausnutzung."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2023-45133"
    },
    {
      "cve": "CVE-2024-22164",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2024-22164"
    },
    {
      "cve": "CVE-2024-22165",
      "notes": [
        {
          "category": "description",
          "text": "In Splunk Enterprise existieren mehrere Schwachstellen. Diese bestehen in der Komponente \"Investigator\" und sind auf Fehler bei der Verarbeitung von Requests und Investigationen zur\u00fcckzuf\u00fchren. Ein entfernter, authentisierter Angreifer kann diese Schwachstelle ausnutzen, um einen Denial of Service Zustand herbeizuf\u00fchren."
        }
      ],
      "product_status": {
        "known_affected": [
          "T033720",
          "T033718",
          "T033705"
        ]
      },
      "release_date": "2024-01-09T23:00:00.000+00:00",
      "title": "CVE-2024-22165"
    }
  ]
}

GHSA-CQMJ-92XF-R6R9

Vulnerability from github – Published: 2023-05-23 19:55 – Updated: 2024-11-18 16:26

Summary

Insufficient validation when decoding a Socket.IO packet

Details

Impact

A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.

TypeError: Cannot convert object to primitive value
       at Socket.emit (node:events:507:25)
       at .../node_modules/socket.io/lib/socket.js:531:14

Patches

A fix has been released today (2023/05/22):

https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3, included in socket.io-parser@4.2.3
https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced, included in socket.io-parser@3.4.3

Another fix has been released for the 3.3.x branch:

https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4, included in `socket.io-parser@3.3.4

`socket.io` version	`socket.io-parser` version	Needs minor update?
`4.5.2...latest`	`~4.2.0` (ref)	`npm audit fix` should be sufficient
`4.1.3...4.5.1`	`~4.1.1` (ref)	Please upgrade to `socket.io@4.6.x`
`3.0.5...4.1.2`	`~4.0.3` (ref)	Please upgrade to `socket.io@4.6.x`
`3.0.0...3.0.4`	`~4.0.1` (ref)	Please upgrade to `socket.io@4.6.x`
`2.3.0...2.5.0`	`~3.4.0` (ref)	`npm audit fix` should be sufficient

Workarounds

There is no known workaround except upgrading to a safe version.

For more information

If you have any questions or comments about this advisory:

Open a discussion here

Thanks to @rafax00 for the responsible disclosure.

Severity ?

7.3 (High)


                  
                    CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

6.9 (Medium)


                  
                    CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N

Show details on source website

JSON

To clipboard

{
  "affected": [
    {
      "package": {
        "ecosystem": "npm",
        "name": "socket.io-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "4.0.4"
            },
            {
              "fixed": "4.2.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "socket.io-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "3.4.0"
            },
            {
              "fixed": "3.4.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    },
    {
      "package": {
        "ecosystem": "npm",
        "name": "socket.io-parser"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.3.4"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2023-32695"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-20",
      "CWE-754"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2023-05-23T19:55:13Z",
    "nvd_published_at": "2023-05-27T16:15:09Z",
    "severity": "MODERATE"
  },
  "details": "### Impact\n\nA specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process.\n\n```\nTypeError: Cannot convert object to primitive value\n       at Socket.emit (node:events:507:25)\n       at .../node_modules/socket.io/lib/socket.js:531:14\n```\n\n### Patches\n\nA fix has been released today (2023/05/22):\n\n- https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3, included in `socket.io-parser@4.2.3`\n- https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced, included in `socket.io-parser@3.4.3`\n\n\nAnother fix has been released for the `3.3.x` branch:\n\n- https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4, included in `socket.io-parser@3.3.4\n\n| `socket.io` version | `socket.io-parser` version                                                                              | Needs minor update?                  |\n|---------------------|---------------------------------------------------------------------------------------------------------|--------------------------------------|\n| `4.5.2...latest`    | `~4.2.0` ([ref](https://github.com/socketio/socket.io/commit/9890b036cf942f6b6ad2afeb6a8361c32cd5d528)) | `npm audit fix` should be sufficient |\n| `4.1.3...4.5.1`     | `~4.1.1` ([ref](https://github.com/socketio/socket.io/commit/7c44893d7878cd5bba1eff43150c3e664f88fb57)) | Please upgrade to `socket.io@4.6.x`  |\n| `3.0.5...4.1.2`     | `~4.0.3` ([ref](https://github.com/socketio/socket.io/commit/752dfe3b1e5fecda53dae899b4a39e6fed5a1a17)) | Please upgrade to `socket.io@4.6.x`  |\n| `3.0.0...3.0.4`     | `~4.0.1` ([ref](https://github.com/socketio/socket.io/commit/1af3267e3f5f7884214cf2ca4d5282d620092fb0)) | Please upgrade to `socket.io@4.6.x`  |\n| `2.3.0...2.5.0`     | `~3.4.0` ([ref](https://github.com/socketio/socket.io/commit/cf39362014f5ff13a17168b74772c43920d6e4fd)) | `npm audit fix` should be sufficient |\n\n\n### Workarounds\n\nThere is no known workaround except upgrading to a safe version.\n\n### For more information\n\nIf you have any questions or comments about this advisory:\n\n- Open a discussion [here](https://github.com/socketio/socket.io/discussions)\n\nThanks to [@rafax00](https://github.com/rafax00) for the responsible disclosure.\n",
  "id": "GHSA-cqmj-92xf-r6r9",
  "modified": "2024-11-18T16:26:29Z",
  "published": "2023-05-23T19:55:13Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2023-32695"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io-parser/commit/1c220ddbf45ea4b44bc8dbf6f9ae245f672ba1b9"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io-parser/commit/ee006607495eca4ec7262ad080dd3a91439a5ba4"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/socketio/socket.io-parser"
    },
    {
      "type": "WEB",
      "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
      "type": "CVSS_V3"
    },
    {
      "score": "CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:L/VI:L/VA:L/SC:N/SI:N/SA:N",
      "type": "CVSS_V4"
    }
  ],
  "summary": "Insufficient validation when decoding a Socket.IO packet"
}

FKIE_CVE-2023-32695

Vulnerability from fkie_nvd - Published: 2023-05-27 16:15 - Updated: 2024-11-21 08:03

Severity ?

7.3 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L
7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Summary

References

URL	Tags
security-advisories@github.com	https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced	Patch
security-advisories@github.com	https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3	Patch
security-advisories@github.com	https://github.com/socketio/socket.io-parser/releases/tag/4.2.3	Release Notes
security-advisories@github.com	https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9	Vendor Advisory
af854a3a-2127-422b-91ae-364da2661108	https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3	Patch
af854a3a-2127-422b-91ae-364da2661108	https://github.com/socketio/socket.io-parser/releases/tag/4.2.3	Release Notes
af854a3a-2127-422b-91ae-364da2661108	https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9	Vendor Advisory

Impacted products

	Vendor	Product	Version
	socket	socket.io-parser	*
	socket	socket.io-parser	*

JSON

To clipboard

{
  "configurations": [
    {
      "nodes": [
        {
          "cpeMatch": [
            {
              "criteria": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "1DC31C5F-524B-478D-A85F-0D4F4DCCFF28",
              "versionEndExcluding": "3.4.3",
              "versionStartIncluding": "3.4.0",
              "vulnerable": true
            },
            {
              "criteria": "cpe:2.3:a:socket:socket.io-parser:*:*:*:*:*:node.js:*:*",
              "matchCriteriaId": "994E08C3-8408-4FA3-AA7A-A2C13CD20AC9",
              "versionEndExcluding": "4.2.3",
              "versionStartIncluding": "4.0.4",
              "vulnerable": true
            }
          ],
          "negate": false,
          "operator": "OR"
        }
      ]
    }
  ],
  "cveTags": [],
  "descriptions": [
    {
      "lang": "en",
      "value": "socket.io parser is a socket.io encoder and decoder written in JavaScript complying with version 5 of socket.io-protocol. A specially crafted Socket.IO packet can trigger an uncaught exception on the Socket.IO server, thus killing the Node.js process. A patch has been released in version 4.2.3.\n\n"
    }
  ],
  "id": "CVE-2023-32695",
  "lastModified": "2024-11-21T08:03:52.187",
  "metrics": {
    "cvssMetricV31": [
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "LOW",
          "baseScore": 7.3,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "LOW",
          "integrityImpact": "LOW",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.4,
        "source": "security-advisories@github.com",
        "type": "Secondary"
      },
      {
        "cvssData": {
          "attackComplexity": "LOW",
          "attackVector": "NETWORK",
          "availabilityImpact": "HIGH",
          "baseScore": 7.5,
          "baseSeverity": "HIGH",
          "confidentialityImpact": "NONE",
          "integrityImpact": "NONE",
          "privilegesRequired": "NONE",
          "scope": "UNCHANGED",
          "userInteraction": "NONE",
          "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
          "version": "3.1"
        },
        "exploitabilityScore": 3.9,
        "impactScore": 3.6,
        "source": "nvd@nist.gov",
        "type": "Primary"
      }
    ]
  },
  "published": "2023-05-27T16:15:09.433",
  "references": [
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
    },
    {
      "source": "security-advisories@github.com",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/socketio/socket.io-parser/commit/2dc3c92622dad113b8676be06f23b1ed46b02ced"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Patch"
      ],
      "url": "https://github.com/socketio/socket.io-parser/commit/3b78117bf6ba7e99d7a5cfc1ba54d0477554a7f3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Release Notes"
      ],
      "url": "https://github.com/socketio/socket.io-parser/releases/tag/4.2.3"
    },
    {
      "source": "af854a3a-2127-422b-91ae-364da2661108",
      "tags": [
        "Vendor Advisory"
      ],
      "url": "https://github.com/socketio/socket.io-parser/security/advisories/GHSA-cqmj-92xf-r6r9"
    }
  ],
  "sourceIdentifier": "security-advisories@github.com",
  "vulnStatus": "Modified",
  "weaknesses": [
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-20"
        }
      ],
      "source": "security-advisories@github.com",
      "type": "Secondary"
    },
    {
      "description": [
        {
          "lang": "en",
          "value": "CWE-754"
        }
      ],
      "source": "nvd@nist.gov",
      "type": "Primary"
    }
  ]
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CVE-2023-32695 (GCVE-0-2023-32695)

CERTFR-2024-AVI-0015

Solution

CERTFR-2024-AVI-0015

Solution

GSD-2023-32695

WID-SEC-W-2023-1800

WID-SEC-W-2024-0049

GHSA-CQMJ-92XF-R6R9

Impact

Patches

Workarounds

For more information

FKIE_CVE-2023-32695

Tags

Sightings

Nomenclature