Vulnerability Details CVE-2018-14632
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.009
EPSS Ranking 74.4%
CVSS Severity
CVSS v3 Score 7.7
CVSS v2 Score 4.0
References
- https://access.redhat.com/errata/RHBA-2018:2652
- https://access.redhat.com/errata/RHSA-2018:2654
- https://access.redhat.com/errata/RHSA-2018:2709
- https://access.redhat.com/errata/RHSA-2018:2906
- https://access.redhat.com/errata/RHSA-2018:2908
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
- https://access.redhat.com/errata/RHBA-2018:2652
- https://access.redhat.com/errata/RHSA-2018:2654
- https://access.redhat.com/errata/RHSA-2018:2709
- https://access.redhat.com/errata/RHSA-2018:2906
- https://access.redhat.com/errata/RHSA-2018:2908
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
Products affected by CVE-2018-14632
-
cpe:2.3:a:redhat:openshift_container_platform:-
-
cpe:2.3:a:redhat:openshift_container_platform:2.0
-
cpe:2.3:a:redhat:openshift_container_platform:2.1
-
cpe:2.3:a:redhat:openshift_container_platform:2.2
-
cpe:2.3:a:redhat:openshift_container_platform:3.0
-
cpe:2.3:a:redhat:openshift_container_platform:3.1
-
cpe:2.3:a:redhat:openshift_container_platform:3.10
-
cpe:2.3:a:redhat:openshift_container_platform:3.11
-
cpe:2.3:a:redhat:openshift_container_platform:3.2
-
cpe:2.3:a:redhat:openshift_container_platform:3.3
-
cpe:2.3:a:redhat:openshift_container_platform:3.4
-
cpe:2.3:a:redhat:openshift_container_platform:3.5
-
cpe:2.3:a:redhat:openshift_container_platform:3.6
-
cpe:2.3:a:redhat:openshift_container_platform:3.7
-
cpe:2.3:a:redhat:openshift_container_platform:3.9
-
cpe:2.3:a:starcounter-jack:json-patch:-