CVE-2018-14632

HIGH

OpenShift Container Platform <3.7 - Memory Corruption

Title source: llm

Description

An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service on the OpenShift master API service, which provides cluster management.

References (7)

Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHBA-2018:2652
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2654
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2908
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2906
Vendor Advisory vendor-advisory x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2709

Scores

CVSS v3 7.7
EPSS 0.0195
EPSS Percentile 77.8%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Details

CWE
CWE-787
Status published
Products (6)
evanphx/json-patch 0 - 0.5.2 (Go)
redhat/openshift_container_platform 3.9
redhat/openshift_container_platform 3.10
redhat/openshift_container_platform 3.11
redhat/openshift_container_platform < 3.7
starcounter-jack/json-patch
Published Sep 06, 2018
Tracked Since Feb 18, 2026