CVE-2021-35945

7.5 HIGH

📋 TL;DR

CVE-2021-35945 is a buffer overflow vulnerability in Couchbase Server's memcached component that allows remote attackers to crash the service via specially crafted network packets. This affects Couchbase Server versions 6.5.x, 6.6.0-6.6.2, and 7.0.0. Organizations running these vulnerable versions with memcached exposed to untrusted networks are at risk.

💻 Affected Systems

Products:
  • Couchbase Server
Versions: 6.5.x, 6.6.0 through 6.6.2, 7.0.0
Operating Systems: All supported platforms
Default Config Vulnerable: ⚠️ Yes
Notes: Only affects systems with memcached protocol enabled (default on most installations).


⚠️ Risk & Real-World Impact

🔴 Worst Case
Complete denial of service affecting all memcached operations, potentially leading to application downtime and data unavailability.

🟠 Likely Case
Service disruption causing memcached crashes and temporary unavailability until the service is restarted.

🟢 If Mitigated
Minimal impact if network segmentation prevents untrusted access to memcached ports.

🌐 Internet-Facing: HIGH - Directly exposed memcached services can be crashed remotely without authentication.
🏢 Internal Only: MEDIUM - Internal attackers or compromised internal systems could exploit this vulnerability.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires network access to memcached ports (typically 11210-11211). No authentication is required for the attack.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 6.6.3, 7.0.1, and later versions

Vendor Advisory: https://www.couchbase.com/alerts

Restart Required: Yes

Instructions:

1. Back up your Couchbase configuration and data.
2. Download the patched version from Couchbase downloads.
3. Follow the Couchbase upgrade procedure for your specific version.
4. Restart Couchbase services after the upgrade.

🔧 Temporary Workarounds

Network Segmentation (linux)

Restrict access to memcached ports (11210-11211) to trusted networks only. Replace TRUSTED_NETWORK with the CIDR range of the clients that legitimately need access:

iptables -A INPUT -p tcp --dport 11210:11211 -s TRUSTED_NETWORK -j ACCEPT
iptables -A INPUT -p tcp --dport 11210:11211 -j DROP

Firewall Rules (all platforms)

Block external access to memcached ports at the network perimeter.

🧯 If You Can't Patch

  • Implement strict network access controls to limit memcached port exposure
  • Monitor memcached service health and implement automated restart procedures for crashes

🔍 How to Verify

Check if Vulnerable:

Check Couchbase Server version: if running 6.5.x, 6.6.0-6.6.2, or 7.0.0, the system is vulnerable.

Check Version:

couchbase-server --version 2>/dev/null || cat /opt/couchbase/VERSION.txt

Verify Fix Applied:

Confirm the installed version is 6.6.3 or later on the 6.6 line, or 7.0.1 or later on the 7.0 line, then test that memcached connectivity remains functional.
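The two checks above can be combined into a single script that reads the installed version and classifies it against the affected ranges this advisory lists. This is an added example, not part of the advisory; it assumes version strings of the form "6.6.2-9600-enterprise" (build number and edition suffix, as found in VERSION.txt) or with a leading product name, and the build numbers in the sample inputs are constructed.

```shell
# Added example (not from the advisory): classify a Couchbase Server version
# string against the ranges CVE-2021-35945 lists (6.5.x, 6.6.0-6.6.2, 7.0.0).
# Tolerates a build/edition suffix such as "6.6.2-9600-enterprise" and a leading
# product name; those input formats are assumptions, not taken from the advisory.
# Exit status: 0 = vulnerable version, 1 = not in a listed range, 2 = unparseable.
cb_vulnerable_cve_2021_35945() {
    # keep only the first major.minor.patch triple, dropping anything after it
    ver=$(printf '%s\n' "$1" |
          sed -n 's/^[^0-9]*\([0-9][0-9]*\.[0-9][0-9]*\.[0-9][0-9]*\).*/\1/p')
    [ -n "$ver" ] || return 2
    case "$ver" in
        6.5.*)             return 0 ;;  # every 6.5.x release is affected
        6.6.0|6.6.1|6.6.2) return 0 ;;  # fixed in 6.6.3
        7.0.0)             return 0 ;;  # fixed in 7.0.1
        *)                 return 1 ;;
    esac
}

# Read the installed version with the same fallback as the advisory's check,
# print a one-line verdict, and return the classifier's exit status.
cb_check_installed() {
    v=$(couchbase-server --version 2>/dev/null || cat /opt/couchbase/VERSION.txt 2>/dev/null || true)
    cb_vulnerable_cve_2021_35945 "$v" && rc=0 || rc=$?
    case $rc in
        0) echo "VULNERABLE: $v (upgrade to 6.6.3 / 7.0.1 or later)" ;;
        1) echo "not in a CVE-2021-35945 range: $v" ;;
        *) echo "could not determine the installed Couchbase version" ;;
    esac
    return $rc
}

# Constructed sample inputs so the classifier can be exercised offline:
for sample in "6.5.1-6299-enterprise" "6.6.2-9600-community" "7.0.0-5302-enterprise" \
              "6.6.3-9808-enterprise" "7.0.1-6102-enterprise"; do
    if cb_vulnerable_cve_2021_35945 "$sample"; then echo "$sample: vulnerable"
    else echo "$sample: not affected"; fi
done
```

Run `cb_check_installed` on the node itself; the loop at the bottom only exercises the classifier against the constructed samples.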

📡 Detection & Monitoring

Log Indicators:

  • Unexpected memcached process crashes
  • Connection resets on memcached ports
  • Error logs mentioning buffer overflow or segmentation fault

Network Indicators:

  • Unusual traffic patterns to memcached ports
  • Malformed packets targeting ports 11210-11211

SIEM Query:

source="couchbase.log" AND ("crash" OR "segmentation fault" OR "buffer overflow")
