7.7

CVE-2018-14632

An out of bound write can occur when patching an Openshift object using the 'oc patch' functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Zu dieser CVE wurde keine Warnung gefunden.
EPSS Metriken
Typ Quelle Score Percentile
EPSS FIRST.org 1.95% 0.777
CVSS Metriken
Quelle Base Score Exploit Score Impact Score Vector String
nvd@nist.gov 7.7 3.1 4
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
nvd@nist.gov 4 8 2.9
AV:N/AC:L/Au:S/C:N/I:N/A:P
secalert@redhat.com 7.7 3.1 4
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
CWE-787 Out-of-bounds Write

The product writes data past the end, or before the beginning, of the intended buffer.

https://access.redhat.com/errata/RHBA-2018:2652
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2654
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2709
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2906
Vendor Advisory
https://access.redhat.com/errata/RHSA-2018:2908
Vendor Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
Patch
Vendor Advisory
Issue Tracking
https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
Patch
Third Party Advisory