Описание
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.
A flaw was found in Helm v3. In affected versions of Helm, a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory (OOM) termination. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (for example, >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate.
Меры по смягчению последствий
To mitigate this vulnerability, ensure that any chart archive files being loaded by Helm do not contain files that are large enough to cause the Helm Client or SDK to use up available memory leading to a termination.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-acmesolver-rhel9 | Fix deferred | ||
| cert-manager Operator for Red Hat OpenShift | cert-manager/jetstack-cert-manager-rhel9 | Fix deferred | ||
| Deployment Validation Operator | deployment-validation-operator-container | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/addon-manager-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/backplane-rhel8-operator | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/cluster-proxy-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/hypershift-addon-rhel9-operator | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/managed-serviceaccount-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/multicloud-manager-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/multicluster-engine-managed-serviceaccount-rhel9 | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Helm is a tool for managing Charts. A chart archive file can be crafte ...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
EPSS
6.5 Medium
CVSS3