CVE-2018-14632
7.7
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Summary
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| Red Hat | atomic-openshift | atomic-openshift-3.7 | affected |
Weaknesses
- CWE-787: CWE-787
ADP Enrichment
CVE Program Container
Additional References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
- https://access.redhat.com/errata/RHBA-2018:2652
- https://access.redhat.com/errata/RHSA-2018:2654
- https://access.redhat.com/errata/RHSA-2018:2908
- https://access.redhat.com/errata/RHSA-2018:2906
- https://access.redhat.com/errata/RHSA-2018:2709
References
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
- https://access.redhat.com/errata/RHBA-2018:2652
- https://access.redhat.com/errata/RHSA-2018:2654
- https://access.redhat.com/errata/RHSA-2018:2908
- https://access.redhat.com/errata/RHSA-2018:2906
- https://access.redhat.com/errata/RHSA-2018:2709
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.