CVE-2018-14632
atomic-openshift: oc patch with json causes masterapi service crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en el servicio de la API maestra de Openshift que gestiona los clústeres.
An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management.
Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the RPM packages for Red Hat OpenShift Container Platform 3.9.51. Issues addressed include a crash vulnerability.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-27 CVE Reserved
- 2018-09-06 CVE Published
- 2024-08-05 CVE Updated
- 2025-03-30 EPSS Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
| URL | Tag | Source |
|---|
| URL | Date | SRC |
|---|
| URL | Date | SRC |
|---|---|---|
| https://access.redhat.com/errata/RHBA-2018:2652 | 2023-02-07 | |
| https://access.redhat.com/errata/RHSA-2018:2654 | 2023-02-07 | |
| https://access.redhat.com/errata/RHSA-2018:2709 | 2023-02-07 | |
| https://access.redhat.com/errata/RHSA-2018:2906 | 2023-02-07 | |
| https://access.redhat.com/errata/RHSA-2018:2908 | 2023-02-07 | |
| https://access.redhat.com/security/cve/CVE-2018-14632 | 2018-11-20 | |
| https://bugzilla.redhat.com/show_bug.cgi?id=1625885 | 2018-11-20 |
Affected Vendors, Products, and Versions
| Vendor | Product | Version | Other | Status | ||||||
|---|---|---|---|---|---|---|---|---|---|---|
| Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | <= 3.7 Search vendor "Redhat" for product "Openshift Container Platform" and version " <= 3.7" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.9 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.9" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.10 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.10" | - |
Affected
| ||||||
| Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11" | - |
Affected
| ||||||
| Starcounter-jack Search vendor "Starcounter-jack" | Json-patch Search vendor "Starcounter-jack" for product "Json-patch" | - | - |
Affected
| ||||||