CVE-2022-37439

MEDIUM Year: 2022
CVSS v3 Score
5.5
Medium
Weakness Type
CWE-409
View all →

Vulnerability Description

In Splunk Enterprise and Universal Forwarder versions in the following table, indexing a specially crafted ZIP file using the file monitoring input can result in a crash of the application. Attempts to restart the application would result in a crash and would require manually removing the malformed file.

Related Vulnerabilities

CVE-2023-26483

MEDIUM
CVSS:5.3(Medium)

gosaml2 is a Pure Go implementation of SAML 2.0. SAML Service Providers using this library for SAML authentication support are likely susceptible to Denial of Service attacks. A bug in this library en...

CWE-4092023

CVE-2017-16129

MEDIUM
CVSS:5.9(Medium)

The HTTP client module superagent is vulnerable to ZIP bomb attacks. In a ZIP bomb attack, the HTTP server replies with a compressed response that becomes several magnitudes larger once uncompressed. ...

CWE-4092017

CVE-2023-0475

MEDIUM
CVSS:6.5(Medium)

HashiCorp go-getter up to 1.6.2 and 2.1.1 is vulnerable to decompression bombs. Fixed in 1.7.0 and 2.2.0.

CWE-4092023

CVE-2023-0821

MEDIUM
CVSS:6.5(Medium)

HashiCorp Nomad and Nomad Enterprise 1.2.15 up to 1.3.8, and 1.4.3 jobs using a maliciously compressed artifact stanza source can cause excessive disk usage. Fixed in 1.2.16, 1.3.9, and 1.4.4.

CWE-4092023

CVE-2024-1947

MEDIUM
CVSS:6.5(Medium)

A denial of service (DoS) condition was discovered in GitLab CE/EE affecting all versions from 13.2.4 before 16.10.6, 16.11 before 16.11.3, and 17.0 before 17.0.1. By leveraging this vulnerability an ...

CWE-4092024

CVE-2024-54682

MEDIUM
CVSS:6.5(Medium)

Mattermost versions 10.1.x <= 10.1.2, 10.0.x <= 10.0.2, 9.11.x <= 9.11.4, 9.5.x <= 9.5.12 fail to limit the file size for slack import file uploads which allows a user to cause a DoS via zip bomb by i...

CWE-4092024