CVE-2018-14632 — Out-of-bounds Write in Evanphx Json-patch

CWE-787 — Out-of-bounds Write8 documents6 sources

Severity

7.7HIGHNVD

EPSS

0.5%

top 33.56%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Github.com Evanphx Json-patch Redhat Openshift Container Platform RED HAT Atomic-openshift

Timeline

PublishedSep 6

Latest updateMay 13

Description

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:HExploitability: 3.1 | Impact: 4.0

Affected Packages3 packages

▶NVDredhat/openshift_container_platform3.7+3

▶CVEListV5red_hat/atomic-openshiftatomic-openshift-3.7

▶Gogithub.com/evanphx_json-patch3.0.0+incompatible — 3.0.1-0.20180525145409-4c9aadca8f89+incompatible+2

Patches

Patch: bugzilla.redhat.com ↗Patch: github.com ↗Patch: bugzilla.redhat.com ↗

🔴Vulnerability Details

GHSA

JSON-Patch Out-of-bounds Write vulnerability↗2022-05-13

▶

OSV

JSON-Patch Out-of-bounds Write vulnerability↗2022-05-13

▶

OSV

Out-of-bounds write in github.com/evanphx/json-patch↗2021-04-14

▶

CVEList

CVE-2018-14632: An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3↗2018-09-06

▶

OSV

CVE-2018-14632: An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3↗2018-09-06

▶

📋Vendor Advisories

Red Hat

atomic-openshift: oc patch with json causes masterapi service crash↗2018-09-06

▶

💬Community

Bugzilla

CVE-2018-14632 atomic-openshift: oc patch with json causes masterapi service crash↗2018-09-06

▶