CVE-2018-14632
published 2018-09-06

High 7.7 (CVSS 3.1)
AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service on the OpenShift master API service, which provides cluster management.

Affected

8 ranges
| Vendor | Product | Version range | Fixed in |
| --- | --- | --- | --- |
| github.com | evanphx_json-patch | >= 0 < 0.5.2 | 0.5.2 |
| github.com | evanphx_json-patch | >= 3.0.0 < 3.0.1-0.20180525145409-4c9aadca8f89 | 3.0.1-0.20180525145409-4c9aadca8f89 |
| github.com | evanphx_json-patch | >= 3.0.0+incompatible < 3.0.1-0.20180525145409-4c9aadca8f89+incompatible | 3.0.1-0.20180525145409-4c9aadca8f89+incompatible |
| red_hat | atomic-openshift | | |
| redhat | openshift_container_platform | <= 3.7 | |
| redhat | openshift_container_platform | | |
| redhat | openshift_container_platform | | |
| redhat | openshift_container_platform | | |

CVSS provenance

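| Source | CVSS version | Score | Severity | Vector |
| --- | --- | --- | --- | --- |
| nvd | v3.1 | 7.7 | HIGH | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H |
| osv | | 7.7 | HIGH | |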