CVEDB API

Vulnerabilities

By Date
Known Exploited
Advanced Search

Vulnerable Software

Vendors
Products

Vulnerability Details CVE-2019-11467

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.006

EPSS Ranking 67.1%

CVSS Severity

CVSS v3 Score 7.5

CVSS v2 Score 7.8

References

https://www.couchbase.com/resources/security#SecurityAlerts
https://www.couchbase.com/resources/security#SecurityAlerts

Products affected by CVE-2019-11467

Couchbase » Couchbase Server » Version: 4.6.3

cpe:2.3:a:couchbase:couchbase_server:4.6.3
Couchbase » Couchbase Server » Version: 5.5.0

cpe:2.3:a:couchbase:couchbase_server:5.5.0

Vulnerabilities

Vulnerable Software

Vulnerability Details CVE-2019-11467

Products

Pricing

Contact Us