Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

fix cve-2023-32712 #305

Closed
hsekowski-splunk opened this issue Aug 15, 2023 · 1 comment
Closed

fix cve-2023-32712 #305

hsekowski-splunk opened this issue Aug 15, 2023 · 1 comment

Comments

@hsekowski-splunk
Copy link
Contributor

https://nvd.nist.gov/vuln/detail/CVE-2023-32712

Manual test shows fix is not needed by the solnlib side.
The test was done following way:

  1. solnlib_demo_collector was modified by adding code as below:
    msg = "ASCII Table in one string: " for i in range(128): msg += chr(i) logger.info(msg)
  2. In Splunk Enterprise Version:9.0.4.1 it gives log entry like
    04/08/2023 14:12:53.165 2023-08-04 14:12:53,165 INFO pid=1641 tid=MainThread file=solnlib_demo_collector.py:do_run:77 | ASCII Table in one string: \x00�������� � ������������������ !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_abcdefghijklmnopqrstuvwxyz{|}~�
    host = custom-servernamesource = /opt/splunk/var/log/splunk/solnlib_demo_collector.logsourcetype = solnlib_demo_collector
    `
  3. in Splunk Enterprise Version:9.1.0.2 it is
    04/08/2023 17:38:28.551 2023-08-04 17:38:28,551 INFO pid=15511 tid=MainThread file=solnlib_demo_collector.py:do_run:77 | ASCII Table in one string: \x00\x01\x02\x03\x04\x05\x06\x07\x08 \x0b\x0c \x0e\x0f\x10\x11\x12\x13\x14\x15\x16\x17\x18\x19\x1a\x1b\x1c\x1d\x1e\x1f !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_abcdefghijklmnopqrstuvwxyz{|}~\x7f
    host = ip-172-31-44-228source = /opt/splunk/var/log/splunk/solnlib_demo_collector.logsourcetype = solnlib_demo_collector-2
    `

This issue is created to add automated test to the solnlib

@artemrys
Copy link
Member

Done in #306

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants