CVE-2019-11467 - Vulnerability Details - OpenCVE

In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact None

Integrity Impact None

Availability Impact High

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact None

Integrity Impact None

Availability Impact Complete

This CVE is not in the KEV list.

Key SSVC decision points have not yet been added.

Vendors	Products
Couchbase	Couchbase Server

Configuration 1 [-]

OR	cpe:2.3:a:couchbase:couchbase_server:4.6.3:::::::*
	cpe:2.3:a:couchbase:couchbase_server:5.5.0:::::::*

No data.

References

Link	Providers
https://www.couchbase.com/resources/security#SecurityAlerts

History

No history.

MITRE

Status: PUBLISHED

Assigner: mitre

Published: 2019-09-10T17:21:50

Updated: 2024-08-04T22:55:40.527Z

Reserved: 2019-04-22T00:00:00

Link: CVE-2019-11467

Vulnrichment

No data.

NVD

Status : Modified

Published: 2019-09-10T18:15:12.367

Modified: 2024-11-21T04:21:08.343

Link: CVE-2019-11467

Redhat

No data.

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "descriptions": [{"lang": "en", "value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2019-09-26T18:53:13", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_MISC"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}], "source": {"discovery": "INTERNAL"}, "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2019-11467", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "https://www.couchbase.com/resources/security#SecurityAlerts", "refsource": "MISC", "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}]}, "source": {"discovery": "INTERNAL"}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-04T22:55:40.527Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_MISC", "x_transferred"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2019-11467", "datePublished": "2019-09-10T17:21:50", "dateReserved": "2019-04-22T00:00:00", "dateUpdated": "2024-08-04T22:55:40.527Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.6.3:*:*:*:*:*:*:*", "matchCriteriaId": "67268D7C-0C49-498A-91BB-397AC6E0D8BF", "vulnerable": true}, {"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*", "matchCriteriaId": "BFEE047D-53C8-4851-A814-57125B21E01A", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."}, {"lang": "es", "value": "En Couchbase Server versiones, 4.6.3 y 5.5.0, la indexaci\u00f3n secundaria codifica las entradas que se indexar\u00e1n mediante collatejson. Cuando las entradas de \u00edndice contienen ciertos caracteres como \\ t, <,>, se produce el desbordamiento del b\u00fafer ya que la cadena codificada ser\u00eda mucho m\u00e1s grande de lo que se tiene en cuenta, lo que hace que el servicio del indexador se bloquee y reinicie. Esto se ha solucionado en las versiones 5.1.2 y 5.5.2 para garantizar que el b\u00fafer siempre crezca seg\u00fan sea necesario para cualquier entrada."}], "id": "CVE-2019-11467", "lastModified": "2024-11-21T04:21:08.343", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "HIGH", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "COMPLETE", "baseScore": 7.8, "confidentialityImpact": "NONE", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 6.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2019-09-10T18:15:12.367", "references": [{"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "https://www.couchbase.com/resources/security#SecurityAlerts"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-119"}], "source": "nvd@nist.gov", "type": "Primary"}]}