CVE-2019-11467

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 4.6.3 through 5.5.0

Description The issue arises when secondary indexing in Couchbase Server encodes entries to be indexed using collatejson. If index entries contain specific characters like t, <, or >, it causes a buffer overrun because the encoded string becomes larger than expected, leading to the indexer service crashing and restarting.

Recommendations For Couchbase Server versions 4.6.3 through 5.1.1, update to version 5.1.2 to ensure the buffer always grows as needed for any input. For Couchbase Server version 5.5.0, update to version 5.5.2 to resolve the issue. For Couchbase Server versions prior to 5.1.2 and 5.5.2, consider restricting the use of characters that may cause buffer overruns in index entries until the issue is resolved.