CVE-2022-42950

Published: Feb 6, 2023Modified: Mar 26, 2025

4.9

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H

Exploitability: 1.2 / Impact: 3.6

Source: NVD

Description

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Affected (2)

Products: Couchbase: Couchbase Server

1 product

Couchbase Server

Configuration A

2 vulnerable

Vulnerable Software	Affected Versions
Couchbase Couchbase Server	From 7.0.0 to 7.0.5
Couchbase Couchbase Server	From 7.1.0 to 7.1.2

Related CWEs

Uncontrolled Resource Consumption

The product does not properly control the allocation and maintenance of a limited resource, thereby enabling an actor to influence the amount of resources consumed, eventually leading to the exhaustion of available resources.

References (6)

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Source: cve@mitre.org

Release Notes

https://forums.couchbase.com/tags/security

Source: cve@mitre.org

Issue Tracking

https://www.couchbase.com/alerts/

Source: cve@mitre.org

Vendor Advisory

https://docs.couchbase.com/server/current/release-notes/relnotes.html

Source: af854a3a-2127-422b-91ae-364da2661108

Release Notes

https://forums.couchbase.com/tags/security

Source: af854a3a-2127-422b-91ae-364da2661108

Issue Tracking

https://www.couchbase.com/alerts/

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.