CVE-2019-11467

{"id": "CVE-2019-11467", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 7.8, "accessVector": "NETWORK", "vectorString": "AV:N/AC:L/Au:N/C:N/I:N/A:C", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "COMPLETE", "confidentialityImpact": "NONE"}, "acInsufInfo": false, "impactScore": 6.9, "baseSeverity": "HIGH", "obtainAllPrivilege": false, "exploitabilityScore": 10.0, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2019-09-10T18:15:12.367", "references": [{"url": "https://www.couchbase.com/resources/security#SecurityAlerts", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.couchbase.com/resources/security#SecurityAlerts", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-119"}]}], "descriptions": [{"lang": "en", "value": "In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \\t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input."}, {"lang": "es", "value": "En Couchbase Server versiones, 4.6.3 y 5.5.0, la indexaci\u00f3n secundaria codifica las entradas que se indexar\u00e1n mediante collatejson. Cuando las entradas de \u00edndice contienen ciertos caracteres como \\ t, &lt;,&gt;, se produce el desbordamiento del b\u00fafer ya que la cadena codificada ser\u00eda mucho m\u00e1s grande de lo que se tiene en cuenta, lo que hace que el servicio del indexador se bloquee y reinicie. Esto se ha solucionado en las versiones 5.1.2 y 5.5.2 para garantizar que el b\u00fafer siempre crezca seg\u00fan sea necesario para cualquier entrada."}], "lastModified": "2024-11-21T04:21:08.343", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:couchbase_server:4.6.3:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "67268D7C-0C49-498A-91BB-397AC6E0D8BF"}, {"criteria": "cpe:2.3:a:couchbase:couchbase_server:5.5.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "BFEE047D-53C8-4851-A814-57125B21E01A"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}