In Couchbase Server 4.6.3 and 5.5.0, secondary indexing encodes the entries to be indexed using collatejson. When index entries contain certain characters like \t, <, >, it caused buffer overrun as encoded string would be much larger than accounted for, causing indexer service to crash and restart. This has been remedied in versions 5.1.2 and 5.5.2 to ensure buffer always grows as needed for any input.

Published : 2019-09-10 18:15 Updated : 2019-09-26 19:15

CVSS Score More info
Score 7.8 / 10
Vendor Product Version URI
Couchbase Couchbase Server 4.6.3 cpe:/a:couchbase:couchbase_server:4.6.3
Couchbase Couchbase Server 5.5.0 cpe:/a:couchbase:couchbase_server:5.5.0
  1. Couchbase (1) Search CVE
    1. Couchbase Server (2) Search CVE
      1. 4.6.3
      2. 5.5.0


ID Name Description Links
CWE-400 Uncontrolled Resource Consumption ('Resource Exhaustion') The software does not properly restrict the size or amount of resources that are requested or influenced by an actor, which can be used to consume more resources than intended. CVE

History of changes

Date Event
2019-09-26 19:15
2019-09-11 17:39
2019-09-10 18:19