Denial of Service via the 'dump' SPL command

Advisory ID: SVD-2023-0611

CVE ID: CVE-2023-32716

Published: 2023-06-01

Last Update: 2023-06-01

CVSSv3.1 Score: 6.5, Medium

CWE: CWE-754

Bug ID: SPL-235572


An attacker can exploit a vulnerability in the ‘dump’ SPL command to cause a denial of service by crashing the Splunk daemon. If the attacker supplies a longer-than-expected filename with the command, a memory access violation, or segmentation fault, occurs, which results in a crash of the Splunk platform instance.


For Splunk Enterprise, upgrade to versions 9.0.5, 8.2.11, 8.1.14, and higher.

For Splunk Cloud Platform, Splunk is actively monitoring and patching affected instances.

Product Status

ProductVersionComponentAffected VersionFix Version
Splunk Enterprise8.1Splunk Web8.1.0 to
Splunk Enterprise8.2Splunk Web8.2.0 to
Splunk Enterprise9.0Splunk Web9.0.0 to
Splunk Cloud PlatformSplunk Web9.0.2303 and below9.0.2303.100

Mitigations and Workarounds

Remove the ‘run_dump’ capability from any roles that users hold.


This hunting detection search provides information about possible denial of service exploitation attempts in Splunk Enterprise versions below 9.0.5, 8.2.11, and 8.1.14.


Splunk rated this vulnerability as Medium, 6.5, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.


Danylo Dmytriiev (DDV_UA)