Описание
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
A Helm contributor discovered that it was possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination.
Impact
A malicious chart can point $ref in values.schema.json to a device (e.g. /dev/*) or other problem file which could cause Helm to use all available memory and have an out of memory (OOM) termination.
Patches
This issue has been resolved in Helm v3.18.5.
Workarounds
Make sure that all Helm charts that are being loaded into Helm doesn't have any reference of $ref pointing to /dev/zero.
References
Helm's security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
Пакеты
helm.sh/helm/v3
< 3.18.5
3.18.5
Связанные уязвимости
A flaw was found in helm.sh/helm/v3. A maliciously crafted JSON Schema file can trigger excessive memory consumption during Helm Chart validation, leading to an out-of-memory (OOM) termination. A remote attacker, requiring user interaction to provide the crafted file, can trigger this condition. This issue results in an application level denial of service affecting the Helm process.
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.
Helm is a package manager for Charts for Kubernetes. Prior to version ...