CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

Published: Sep 6, 2018
Updated: May 9, 2024
CVE: CVE-2018-14632
GHSA: GHSA-gxhv-3hwf-wjp9
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.7
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

CVSS v2:

Severity: Low
Score: 4
AV:N/AC:L/Au:S/C:N/I:N/A:P

CWEs:

CWE-787

Affected Software
References

Software	From	Fixed in
redhat / openshift_container_platform	3.9	3.9.x
redhat / openshift_container_platform	3.11	3.11.x
redhat / openshift_container_platform	3.10	3.10.x
redhat / openshift_container_platform	-	3.7.x
github.com/evanphx/json-patch	-	0.5.2
github.com/evanphx/json-patch	3.0.0	3.0.1-0.20180525145409-4c9aadca8f89

https://access.redhat.com/errata/RHBA-2018:2652
https://access.redhat.com/errata/RHSA-2018:2654
https://access.redhat.com/errata/RHSA-2018:2709
https://access.redhat.com/errata/RHSA-2018:2906
https://access.redhat.com/errata/RHSA-2018:2908
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
https://github.com/evanphx/json-patch/pull/57
https://pkg.go.dev/vuln/GO-2021-0076

Vulnerability Database

289,599

CVE-2018-14632