Ecosyste.ms: Advisories
An open API service providing security vulnerability metadata for many open source software ecosystems.
Security Advisories: GSA_kwCzR0hTQS1neGh2LTNod2Ytd2pwOc4AARNV
JSON-Patch Out-of-bounds Write vulnerability
An out of bound write can occur when patching an Openshift object using the oc patch
functionality in OpenShift Container Platform before 3.7. An attacker can use this flaw to cause a denial of service attack on the Openshift master api service which provides cluster management.
JSON: https://advisories.ecosyste.ms/api/v1/advisories/GSA_kwCzR0hTQS1neGh2LTNod2Ytd2pwOc4AARNV
Source: GitHub Advisory Database
Origin: Unspecified
Severity: High
Classification: General
Published: almost 2 years ago
Updated: about 1 year ago
CVSS Score: 7.7
CVSS vector: CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:C/C:N/I:N/A:H
Identifiers: GHSA-gxhv-3hwf-wjp9, CVE-2018-14632
References:
- https://nvd.nist.gov/vuln/detail/CVE-2018-14632
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03#diff-65c563bba473be9d94ce4d033f74810e
- https://access.redhat.com/errata/RHBA-2018:2652
- https://access.redhat.com/errata/RHSA-2018:2654
- https://access.redhat.com/errata/RHSA-2018:2709
- https://access.redhat.com/errata/RHSA-2018:2906
- https://access.redhat.com/errata/RHSA-2018:2908
- https://bugzilla.redhat.com/show_bug.cgi?id=CVE-2018-14632
- https://github.com/evanphx/json-patch/pull/57
- https://github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03
- https://pkg.go.dev/vuln/GO-2021-0076
- https://github.com/advisories/GHSA-gxhv-3hwf-wjp9
Blast Radius: 35.8
Affected Packages
go:github.com/evanphx/json-patch
Dependent packages: 13,670Dependent repositories: 44,181
Downloads:
Affected Version Ranges: >= 3.0.0, < 3.0.1-0.20180525145409-4c9aadca8f89, < 0.5.2
Fixed in: 3.0.1-0.20180525145409-4c9aadca8f89, 0.5.2
All affected versions: 3.0.0
All unaffected versions: 0.5.2, 4.0.0, 4.1.0, 4.2.0, 4.4.0, 4.5.0, 4.9.0, 4.11.0, 4.12.0, 5.6.0, 5.7.0, 5.8.0, 5.8.1