CVE-2019-11467 — Improper Restriction of Operations within the Bounds of a Memory Buffer in Server

CWE-119 — Improper Restriction of Operations within the Bounds of a Memory Buffer3 documents3 sources
Severity
7.5HIGHNVD
EPSS
0.4%
top 41.30%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
1
Couchbase Server
Timeline
PublishedSep 10
Latest updateMay 24

Description

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, , it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:HExploitability: 3.9 | Impact: 3.6

Affected Packages1 packages

â–¶NVDcouchbase/couchbase_server4.6.3, 5.5.0+1

🔴Vulnerability Details

2
GHSA
GHSA-mrc2-3r75-vvg6: An issue was discovered in Couchbase Server 4↗2022-05-24
â–¶
CVEList
CVE-2019-11467: In Couchbase Server 4↗2019-09-10
â–¶
CVE-2019-11467 — Couchbase Server vulnerability | cvebase