CVE-2022-42950

low-risk

Published 2023-02-06

An issue was discovered in Couchbase Server 7.x before 7.0.5 and 7.1.x before 7.1.2. A crafted HTTP REST request from an administrator account to the Couchbase Server Backup Service can exhaust memory resources, causing the process to be killed, which can be used for denial of service.

Do I need to act?

1.1% chance of exploitation in next 30 days

EPSS score — moderate exploit probability

Not on CISA KEV list

No confirmed active exploitation reported to CISA

Patch status unknown

Check vendor advisories for fix availability and mitigation guidance

CVSS 4.9/10 Medium

NETWORK / LOW complexity

Affected Products (1)

Couchbase Server

Affected Vendors

Couchbase

References (6)

Release Notes https://docs.couchbase.com/server/current/release-notes/relnotes.html

Issue Tracking https://forums.couchbase.com/tags/security

Vendor Advisory https://www.couchbase.com/alerts/

Release Notes https://docs.couchbase.com/server/current/release-notes/relnotes.html

Issue Tracking https://forums.couchbase.com/tags/security

Vendor Advisory https://www.couchbase.com/alerts/

/ 100

low-risk

Severity 20/34 · Moderate

Exploitability 3/34 · Minimal

Exposure 5/34 · Minimal