Couchbase Alerts

This page lists critical alerts and advisories for Couchbase.

Enterprise Security Alerts

| CVE | Synopsis | Impact (CVSS) | Products | Affects Version | Fix Version | Publish Date |
| --- | --- | --- | --- | --- | --- | --- |
| CVE-2023-44487 | Upgrade gRPC to v1.58.3. The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly. | High (7.5) | Couchbase Server | Server 7.2.2, 7.2.1, 7.2.0, 7.1.5, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.x, 5.x, 4.x | Server 7.2.3, 7.1.6 | November 2023 |
| CVE-2023-44487 | Upgrade Golang to 1.20.10. The HTTP/2 protocol allows a denial of service because request cancellation can reset many streams quickly. | High (7.5) | Couchbase Server | Server 7.2.2, 7.2.1, 7.2.0, 7.1.5, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.x, 5.x, 4.x | Server 7.2.3, 7.1.6 | November 2023 |
| CVE-2023-0464 | Upgrade to OpenSSL 1.1.1u. A vulnerability in OpenSSL in the verification of X.509 certificate chains that include policy constraints: an attacker can craft a malicious certificate chain that triggers exponential use of computational resources, leading to a denial of service (DoS) on affected systems. | High (7.5) | Couchbase Server | Server 7.2.0, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.x, 5.x, 4.x, 3.x, 2.x | Server 7.2.1, 7.1.5 | November 2023 |
| CVE-2022-41723 | Update Golang to 1.19.9. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of small requests. | High (7.5) | Couchbase Server | Server 7.2.0, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.x, 5.x, 4.x | Server 7.2.1, 7.1.5 | November 2023 |
| CVE-2023-3079, CVE-2023-2033 | Update V8 to 11.4.185.1. Type confusion in V8 in Google Chrome prior to 114.0.5735.110 allowed a remote attacker to potentially exploit heap corruption via a crafted HTML page. | High (8.0) | Couchbase Server | Server 7.2.0, 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.x, 5.x, 4.x, 3.x, 2.x | Server 7.2.1, 7.1.5 | November 2023 |
| CVE-2023-21930, CVE-2023-21954, CVE-2023-21967, CVE-2023-21939, CVE-2023-21938, CVE-2023-21937, CVE-2023-21968 | Update OpenJDK to 11.0.19. Update OpenJDK to version 11.0.19 to resolve numerous CVEs. | High (7.4) | Couchbase Server | Server 7.1.4, 7.1.3, 7.1.2, 7.1.1, 7.1.0, 7.0.x, 6.6.x | Server 7.1.5 | November 2023 |