CVE-2018-14632

high

Description

An out-of-bounds write can occur when patching an OpenShift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service on the OpenShift master API service, which provides cluster management.

References

https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e

https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632

https://access.redhat.com/errata/RHSA-2018:2908

https://access.redhat.com/errata/RHSA-2018:2906

https://access.redhat.com/errata/RHSA-2018:2709

https://access.redhat.com/errata/RHSA-2018:2654

https://access.redhat.com/errata/RHBA-2018:2652

Details

Source: Mitre, NVD

Published: 2018-09-06

Updated: 2023-02-07

Risk Information

CVSS v2

Base Score: 4

Vector: CVSS2#AV:N/AC:L/Au:S/C:N/I:N/A:P

Severity: Medium

CVSS v3

Base Score: 7.7

Vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H

Severity: High