CVE-2018-14632
HIGH
OpenShift Container Platform <3.7 - Memory Corruption
Title source: llm
Description
An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service on the OpenShift master API service, which provides cluster management.
References (7)
Core References
Issue Tracking, Patch, Vendor Advisory x_refsource_confirm
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
Patch, Third Party Advisory x_refsource_confirm
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHBA-2018:2652
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2654
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2908
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2906
Vendor Advisory vendor-advisory
x_refsource_redhat
https://access.redhat.com/errata/RHSA-2018:2709
Scores
CVSS v3
7.7
EPSS
0.0195
EPSS Percentile
77.8%
Attack Vector
NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Details
CWE
CWE-787
Status
published
Products (6)
evanphx/json-patch
0 - 0.5.2 (Go)
redhat/openshift_container_platform
3.9
redhat/openshift_container_platform
3.10
redhat/openshift_container_platform
3.11
redhat/openshift_container_platform
< 3.7
starcounter-jack/json-patch
Published
Sep 06, 2018
Tracked Since
Feb 18, 2026