CVE-2018-14632
Description
An out-of-bounds write in oc patch in OpenShift Container Platform before 3.7 allows denial of service on the master API service.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
An out-of-bounds write in `oc patch` in OpenShift Container Platform before 3.7 allows denial of service on the master API service.
Vulnerability
An out-of-bounds write vulnerability exists in the oc patch functionality of OpenShift Container Platform (OCP) before version 3.7 [1]. When patching an OpenShift object with a crafted JSON input, the oc patch command can write beyond allocated memory, leading to memory corruption.
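An added example (not code from this page or from json-patch itself) showing why the index check in the fix commit listed under Patches matters: the same array insert with and without the bounds test, run on the input from that commit's regression test. The function names and the use of `[]string` in place of the library's node type are assumptions made for illustration.

```go
package main

import "fmt"

// insertUnchecked mirrors the shape of the pre-fix array "add": it trusts idx.
// Hypothetical helper, not json-patch's API.
func insertUnchecked(cur []string, idx int, val string) []string {
	ary := make([]string, len(cur)+1)
	copy(ary[0:idx], cur[0:idx]) // panics when idx exceeds cap(cur)
	ary[idx] = val               // panics when idx >= len(ary)
	copy(ary[idx+1:], cur[idx:])
	return ary
}

// insertChecked applies the same bounds test as the fix before touching the slices.
func insertChecked(cur []string, idx int, val string) ([]string, error) {
	ary := make([]string, len(cur)+1)
	if idx < 0 || idx >= len(ary) || idx > len(cur) {
		return nil, fmt.Errorf("unable to access invalid index: %d", idx)
	}
	copy(ary[0:idx], cur[0:idx])
	ary[idx] = val
	copy(ary[idx+1:], cur[idx:])
	return ary, nil
}

// panics reports whether f panicked. Go bounds-checks slice accesses, so the
// bad index surfaces as a runtime panic; a server that does not recover from
// it stops serving requests.
func panics(f func()) (p bool) {
	defer func() { p = recover() != nil }()
	f()
	return false
}

func main() {
	cur := []string{"bar"} // constructed input, same shape as the regression test: {"foo": ["bar"]}
	fmt.Println("unchecked, idx=2 panics:", panics(func() { insertUnchecked(cur, 2, "bum") }))
	_, err := insertChecked(cur, 2, "bum")
	fmt.Println("checked, idx=2:", err)
	out, _ := insertChecked(cur, 1, "bum") // idx == len(cur) is a valid append
	fmt.Println("checked, idx=1:", out)
}
```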
Exploitation
An attacker with access to the oc patch command on the OpenShift cluster can exploit this flaw by sending a specially crafted JSON patch. No authentication is required beyond having the ability to run oc patch on the cluster. The attacker triggers the out-of-bounds write during the patching process.
Impact
Successful exploitation causes a denial of service (DoS) on the OpenShift master API service, which is responsible for cluster management operations. This can disrupt normal cluster operations and availability.
Mitigation
The vulnerability is fixed in OpenShift Container Platform 3.7 and later releases. Red Hat has issued updates as part of RHBA-2018:2652 and RHSA-2018:2906 [1][4]. Users should upgrade to a patched version immediately. No other workarounds are mentioned.
AI Insight generated on May 22, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| github.com/evanphx/json-patch (Go) | < 0.5.2 | 0.5.2 |
| github.com/evanphx/json-patch (Go) | >= 3.0.0, < 3.0.1-0.20180525145409-4c9aadca8f89 | 3.0.1-0.20180525145409-4c9aadca8f89 |
Affected products (2)
Patches (1)
4c9aadca8f89: fix check idx index
2 files changed · +7 −1
patch.go+3 −1 modified@@ -397,7 +397,9 @@ func (d *partialArray) add(key string, val *lazyNode) error { } idx = len(ary) - idx } - + if idx < 0 || idx >= len(ary) || idx > len(cur) { + return fmt.Errorf("Unable to access invalid index: %d", idx) + } copy(ary[0:idx], cur[0:idx]) ary[idx] = val copy(ary[idx+1:], cur[idx:])
patch_test.go+4 −0 modified@@ -227,6 +227,10 @@ var BadCases = []BadCase{ `{ "name":{ "foo": "bat", "qux": "bum"}}`, `[ { "op": "replace", "path": "/foo/bar", "value":"baz"}]`, }, + { + `{ "foo": ["bar"]}`, + `[ {"op": "add", "path": "/foo/2", "value": "bum"}]`, + }, } func TestAllCases(t *testing.T) {
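Review bot: The guard added before the `copy` calls in `partialArray.add` (patch.go) has three clauses and no comment saying which slice access each one protects: `idx >= len(ary)` covers `ary[idx] = val`, while `idx > len(cur)` covers `cur[0:idx]` and `cur[idx:]`. If `ary` is always one element longer than `cur`, the last two clauses are equivalent and one can be dropped; if not, say so in a comment. The error string should start lowercase per Go convention and would be more useful if it also reported the array length, so the caller can see the valid range.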
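Review bot: The new `BadCases` entry in patch_test.go pins only one side of the check, `/foo/2` on a one-element array. Add `/foo/1` on the same document as a passing case, since an index equal to the array length is a valid append and the new guard must keep accepting it, and add a bad case with a negative index so the path through `idx = len(ary) - idx` in patch.go is exercised as well.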
References (12)
- access.redhat.com/errata/RHBA-2018:2652 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:2654 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:2709 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:2906 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- access.redhat.com/errata/RHSA-2018:2908 (ghsa, vendor-advisory, x_refsource_REDHAT, WEB)
- github.com/advisories/GHSA-gxhv-3hwf-wjp9 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2018-14632 (ghsa, ADVISORY)
- bugzilla.redhat.com/show_bug.cgi (ghsa, x_refsource_CONFIRM, WEB)
- github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03 (ghsa, WEB)
- github.com/evanphx/json-patch/commit/4c9aadca8f89e349c999f04e28199e96e81aba03 (ghsa, x_refsource_CONFIRM, WEB)
- github.com/evanphx/json-patch/pull/57 (ghsa, WEB)
- pkg.go.dev/vuln/GO-2021-0076 (ghsa, WEB)