VDB
CVE-2018-14632
CVE-2018-14632
PUBLISHED
An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
EPSS 0.51% · 66.8th percentile
Risk Scores
EPSS Score
0.51%
66.8th percentile
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Ubuntu:16.04:LTS | golang-github-evanphx-json-patch | 0, * |
| Ubuntu:20.04:LTS | golang-github-evanphx-json-patch | 4.5.0-1, 0, 0.0~git20150402.0.766277e-1 |
| Ubuntu:24.04:LTS | golang-github-evanphx-json-patch | 5.7.0-1, 5.2.0-2, 0 |
| Ubuntu:22.04:LTS | golang-github-evanphx-json-patch | 0, 5.2.0-1 |
| Ubuntu:25.10 | golang-github-evanphx-json-patch | 0, 5.7.0-1 |
| Ubuntu:18.04:LTS | golang-github-evanphx-json-patch | 0.0~git20150402.0.766277e-1, 0 |
Exploit Intelligence
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632 (circl)
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e (circl)
- RHBA-2018:2652 (circl)
- RHSA-2018:2654 (circl)
- RHSA-2018:2908 (circl)
- RHSA-2018:2906 (circl)
- RHSA-2018:2709 (circl)
Timeline
- Sep 6, 2018 CVE Published
- Oct 9, 2019 CVE Updated
- Apr 14, 2021 EPSS Score
- Jun 23, 2021 EPSS Score
- Aug 24, 2021 EPSS Score
- Dec 27, 2021 EPSS Score
- Feb 4, 2022 EPSS Score
- Feb 28, 2022 EPSS Score
- May 2, 2022 EPSS Score
- Jul 3, 2022 EPSS Score
- Sep 5, 2022 EPSS Score
- Jan 8, 2023 EPSS Score
References
- https://ubuntu.com/security/CVE-2018-14632 third-party-advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632 third-party-advisory
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e third-party-advisory
- https://www.cve.org/CVERecord?id=CVE-2018-14632 third-party-advisory