Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2022-42950

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Published

2023-02-06T21:15:09.300

Last Modified

2025-03-26T15:15:39.937

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
NVD-CWE-noinfo
Type: Secondary
CWE-400

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	couchbase	couchbase_server	< 7.0.5	Yes
Application	couchbase	couchbase_server	< 7.1.2	Yes

References

https://docs.couchbase.com/server/current/release-notes/relnotes.html Release Notes ([email protected])
https://forums.couchbase.com/tags/security Issue Tracking ([email protected])
https://www.couchbase.com/alerts/ Vendor Advisory ([email protected])
https://docs.couchbase.com/server/current/release-notes/relnotes.html Release Notes (af854a3a-2127-422b-91ae-364da2661108)
https://forums.couchbase.com/tags/security Issue Tracking (af854a3a-2127-422b-91ae-364da2661108)
https://www.couchbase.com/alerts/ Vendor Advisory (af854a3a-2127-422b-91ae-364da2661108)