Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-55198

Опубликовано: 13 авг. 2025
Источник: redhat
CVSS3: 6.5
EPSS Низкий

Описание

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

A flaw was found in helm.sh/helm/v3. Improper validation of type errors during parsing of Chart.yaml and index.yaml files can trigger a panic. A remote attacker, requiring user interaction, can trigger this panic via a malformed chart file. This can lead to an application level denial of service.

Меры по смягчению последствий

To mitigate this flaw, ensure YAML files are formatted as Helm expects prior to processing them with Helm.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Deployment Validation Operatordvo/deployment-validation-rhel8-operatorFix deferred
Migration Toolkit for Applications 7mta/mta-cli-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/addon-manager-rhel8Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/addon-manager-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/backplane-rhel8-operatorFix deferred
Multicluster Engine for Kubernetesmulticluster-engine/backplane-rhel9-operatorFix deferred
Multicluster Engine for Kubernetesmulticluster-engine/cluster-proxy-rhel8Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/cluster-proxy-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/hypershift-addon-rhel8-operatorFix deferred
Multicluster Engine for Kubernetesmulticluster-engine/hypershift-addon-rhel9-operatorFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-908
https://bugzilla.redhat.com/show_bug.cgi?id=2388451helm.sh/helm/v3: Helm YAML Parsing Panic Vulnerability

EPSS

Процентиль: 2%
0.00015
Низкий

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-55198

CVSS3: 6.5
nvd
27 дней назад

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, when parsing Chart.yaml and index.yaml files, an improper validation of type error can lead to a panic. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring YAML files are formatted as Helm expects prior to processing them with Helm.

debian логотип

CVE-2025-55198

CVSS3: 6.5
debian
27 дней назад

Helm is a package manager for Charts for Kubernetes. Prior to version ...

github логотип

GHSA-f9f8-9pmf-xv68

CVSS3: 6.5
github
27 дней назад

Helm May Panic Due To Incorrect YAML Content

redos логотип

ROS-20250905-08

CVSS3: 6.5
redos
5 дней назад

Множественные уязвимости helm

EPSS

Процентиль: 2%
0.00015
Низкий

6.5 Medium

CVSS3

Уязвимость CVE-2025-55198