CVE-2025-32387
6.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.
Affected Software
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| helm | helm | < 3.17.3 | affected |
Weaknesses
- CWE-121: CWE-121: Stack-based Buffer Overflow
- CWE-674: CWE-674: Uncontrolled Recursion
ADP Enrichment
CISA ADP Vulnrichment
- SSVC:
- Exploitation: none
- Automatable: no
- Technical Impact: partial
References
- https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92
- https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
Feedback
Was this page helpful?
Glad to hear it! Please tell us how we can improve.
Sorry to hear that. Please tell us how we can improve.