CVE-2023-43768

An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands.

CVSS v3 7.5 HIGH

7.5^/10

CVSS v3 : HIGH

Vector :

Exploitability : 3.9 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://docs.couchbase.com/server/current/release-notes/relnotes.html	Release Notes
https://forums.couchbase.com/tags/security	Product
https://www.couchbase.com/alerts/	Vendor Advisory
https://www.couchbase.com/downloads	Product
https://docs.couchbase.com/server/current/release-notes/relnotes.html	Release Notes
https://forums.couchbase.com/tags/security	Product
https://www.couchbase.com/alerts/	Vendor Advisory
https://www.couchbase.com/downloads	Product

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:couchbase:couchbase_server::::::::
	cpe:2.3:a:couchbase:couchbase_server:7.2.0:::::::*

History

23 Apr 2025, 16:26

Type	Values Removed	Values Added
References	~~() https://docs.couchbase.com/server/current/release-notes/relnotes.html -~~	() https://docs.couchbase.com/server/current/release-notes/relnotes.html - Release Notes
References	~~() https://forums.couchbase.com/tags/security -~~	() https://forums.couchbase.com/tags/security - Product
References	~~() https://www.couchbase.com/alerts/ -~~	() https://www.couchbase.com/alerts/ - Vendor Advisory
References	~~() https://www.couchbase.com/downloads -~~	() https://www.couchbase.com/downloads - Product
First Time		Couchbase Couchbase couchbase Server
CPE		cpe:2.3:a:couchbase:couchbase_server:7.2.0:::::::* cpe:2.3:a:couchbase:couchbase_server::::::::

Information

Published : 2024-03-27 07:15

Updated : 2025-04-23 16:26

NVD link : CVE-2023-43768

Mitre link : CVE-2023-43768

CVE.ORG link : CVE-2023-43768

JSON object : View

Products Affected

couchbase

couchbase_server

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

{"id": "CVE-2023-43768", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 3.9}]}, "published": "2024-03-27T07:15:48.390", "references": [{"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", "tags": ["Release Notes"], "source": "cve@mitre.org"}, {"url": "https://forums.couchbase.com/tags/security", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://www.couchbase.com/alerts/", "tags": ["Vendor Advisory"], "source": "cve@mitre.org"}, {"url": "https://www.couchbase.com/downloads", "tags": ["Product"], "source": "cve@mitre.org"}, {"url": "https://docs.couchbase.com/server/current/release-notes/relnotes.html", "tags": ["Release Notes"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://forums.couchbase.com/tags/security", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.couchbase.com/alerts/", "tags": ["Vendor Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://www.couchbase.com/downloads", "tags": ["Product"], "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Secondary", "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "description": [{"lang": "en", "value": "CWE-770"}]}], "descriptions": [{"lang": "en", "value": "An issue was discovered in Couchbase Server 6.6.x through 7.2.0, before 7.1.5 and 7.2.1. Unauthenticated users may cause memcached to run out of memory via large commands."}, {"lang": "es", "value": "Se descubri\u00f3 un problema en Couchbase Server 6.6.x hasta 7.2.0, anteriores a 7.1.5 y 7.2.1. Los usuarios no autenticados pueden hacer que Memcached se quede sin memoria mediante comandos grandes."}], "lastModified": "2025-04-23T16:26:31.793", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:couchbase:couchbase_server:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "B6785960-AEB2-4648-9EC8-47967CE1CCBC", "versionEndExcluding": "7.1.5", "versionStartIncluding": "6.6.0"}, {"criteria": "cpe:2.3:a:couchbase:couchbase_server:7.2.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FBF7BB41-6DE4-45D5-81FE-A3CC055853F1"}], "operator": "OR"}]}], "sourceIdentifier": "cve@mitre.org"}