CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
redhatCNA
7.7 HIGH
NETWORK
LOW
LOW
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 74%
VendorProductVersion
redhatopenshift_container_platform
𝑥
≤ 3.7
redhatopenshift_container_platform
3.9
redhatopenshift_container_platform
3.10
redhatopenshift_container_platform
3.11
starcounter-jackjson-patch
-
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
golang-github-evanphx-json-patch
noble
needs-triage
mantic
ignored
lunar
ignored
kinetic
ignored
jammy
needs-triage
impish
ignored
hirsute
ignored
groovy
ignored
focal
needs-triage
eoan
ignored
disco
ignored
cosmic
ignored
bionic
needs-triage
xenial
needs-triage
trusty
dne
Common Weakness Enumeration
References
https://access.redhat.com/errata/RHBA-2018:2652
https://access.redhat.com/errata/RHSA-2018:2654
https://access.redhat.com/errata/RHSA-2018:2709
https://access.redhat.com/errata/RHSA-2018:2906
https://access.redhat.com/errata/RHSA-2018:2908
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
https://access.redhat.com/errata/RHBA-2018:2652
https://access.redhat.com/errata/RHSA-2018:2654
https://access.redhat.com/errata/RHSA-2018:2709
https://access.redhat.com/errata/RHSA-2018:2906
https://access.redhat.com/errata/RHSA-2018:2908
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e