PT-2023-14162 · Couchbase · Couchbase Server

Published

2023-02-06

Updated

2025-03-26

CVE-2022-42950

CVSS v3.1

4.9

Medium

Vector

AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Name of the Vulnerable Software and Affected Versions Couchbase Server versions 7.0.0 through 7.0.4 Couchbase Server versions 7.1.0 through 7.1.1

Description An issue was discovered in Couchbase Server where a crafted HTTP REST request from an administrator account to the "Couchbase Server Backup Service" can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Recommendations For Couchbase Server versions 7.0.0 through 7.0.4, update to version 7.0.5 or later. For Couchbase Server versions 7.1.0 through 7.1.1, update to version 7.1.2 or later.

Fix

DoS

Resource Exhaustion

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-400

Related Identifiers

CVE-2022-42950

Affected Products

Couchbase Server

PT-2023-14162 · Couchbase · Couchbase Server

CVE-2022-42950

Weakness Enumeration

Related Identifiers

Affected Products

References · 8