CVE-2018-14632
atomic-openshift: oc patch with json causes masterapi service crash
Severity Score
Exploit Likelihood
Affected Versions
Public Exploits
0Exploited in Wild
-Decision
Descriptions
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
Puede ocurrir una escritura fuera de límites al parchear un objeto Openshift mediante la funcionalidad "oc patch" en OpenShift Container Platform, en versiones anteriores a la 3.7. Un atacante puede emplear este error para provocar un ataque de denegación de servicio (DoS) en el servicio de la API maestra de Openshift que gestiona los clústeres.
An out of bounds write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform 3.x. An attacker can use this flaw to cause a denial of service attack on the Openshift master API service which provides cluster management.
CVSS Scores
SSVC
- Decision:-
Timeline
- 2018-07-27 CVE Reserved
- 2018-09-06 CVE Published
- 2023-08-31 EPSS Updated
- 2024-08-05 CVE Updated
- ---------- Exploited in Wild
- ---------- KEV Due Date
- ---------- First Exploit
CWE
- CWE-787: Out-of-bounds Write
CAPEC
References (9)
URL | Tag | Source |
---|
URL | Date | SRC |
---|
URL | Date | SRC |
---|---|---|
https://access.redhat.com/errata/RHBA-2018:2652 | 2023-02-07 | |
https://access.redhat.com/errata/RHSA-2018:2654 | 2023-02-07 | |
https://access.redhat.com/errata/RHSA-2018:2709 | 2023-02-07 | |
https://access.redhat.com/errata/RHSA-2018:2906 | 2023-02-07 | |
https://access.redhat.com/errata/RHSA-2018:2908 | 2023-02-07 | |
https://access.redhat.com/security/cve/CVE-2018-14632 | 2018-11-20 | |
https://bugzilla.redhat.com/show_bug.cgi?id=1625885 | 2018-11-20 |
Affected Vendors, Products, and Versions
Vendor | Product | Version | Other | Status | ||||||
---|---|---|---|---|---|---|---|---|---|---|
Vendor | Product | Version | Other | Status | <-- --> | Vendor | Product | Version | Other | Status |
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | <= 3.7 Search vendor "Redhat" for product "Openshift Container Platform" and version " <= 3.7" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.9 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.9" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.10 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.10" | - |
Affected
| ||||||
Redhat Search vendor "Redhat" | Openshift Container Platform Search vendor "Redhat" for product "Openshift Container Platform" | 3.11 Search vendor "Redhat" for product "Openshift Container Platform" and version "3.11" | - |
Affected
| ||||||
Starcounter-jack Search vendor "Starcounter-jack" | Json-patch Search vendor "Starcounter-jack" for product "Json-patch" | - | - |
Affected
|