Regular Expression Denial of Service (ReDoS) in Splunk Supporting Add-on for Active Directory (SA-ldapsearch)
Advisory ID: SVD-2025-0103
CVE ID: CVE-2025-0367
Published: 2025-01-15
Last Update: 2025-01-15
CVSSv3.1 Score: 6.5, Medium
CVSSv3.1 Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H
CWE: CWE-1333
Bug ID: VULN-2359
Description
In versions 3.1.0 and lower of the Splunk Supporting Add-on for Active Directory, also known as “SA-ldapsearch”, a vulnerable regular expression pattern could lead to a Regular Expression Denial of Service (ReDoS) attack.
Solution
Upgrade the Splunk Supporting Add-on for Active Directory to version 3.1.1 or higher.
Product Status
| Product | Version | Component | Affected Version | Fix Version |
|---|---|---|---|---|
| Splunk Supporting Add-on for Active Directory | 3.1 | Below 3.1.1 | 3.1.1 |
Mitigations and Workarounds
None
Detections
None
Severity
Splunk rates this vulnerability a 6.5, Medium, with a CVSSv3.1 vector of CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H.
Acknowledgments
Kyle Bambrick, Splunk