Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

redhat логотип

CVE-2025-55199

Опубликовано: 13 авг. 2025
Источник: redhat
CVSS3: 6.5

Описание

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

A flaw was found in helm.sh/helm/v3. A maliciously crafted JSON Schema file can trigger excessive memory consumption during Helm Chart validation, leading to an out-of-memory (OOM) termination. A remote attacker, requiring user interaction to provide the crafted file, can trigger this condition. This issue results in an application level denial of service affecting the Helm process.

Меры по смягчению последствий

To mitigate this flaw, ensure all Helm charts do not have any reference of $ref pointing to /dev/zero.

Затронутые пакеты

ПлатформаПакетСостояниеРекомендацияРелиз
Deployment Validation Operatordvo/deployment-validation-rhel8-operatorFix deferred
Migration Toolkit for Applications 7mta/mta-cli-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/addon-manager-rhel8Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/addon-manager-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/backplane-rhel8-operatorFix deferred
Multicluster Engine for Kubernetesmulticluster-engine/backplane-rhel9-operatorFix deferred
Multicluster Engine for Kubernetesmulticluster-engine/cluster-proxy-rhel8Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/cluster-proxy-rhel9Fix deferred
Multicluster Engine for Kubernetesmulticluster-engine/hypershift-addon-rhel8-operatorFix deferred
Multicluster Engine for Kubernetesmulticluster-engine/hypershift-addon-rhel9-operatorFix deferred

Показывать по

Ссылки на источники

Дополнительная информация

Статус:

Moderate
Дефект:
CWE-770
https://bugzilla.redhat.com/show_bug.cgi?id=2388449helm.sh/helm/v3: Helm Chart JSON Schema Denial of Service

6.5 Medium

CVSS3

Связанные уязвимости

nvd логотип

CVE-2025-55199

CVSS3: 6.5
nvd
27 дней назад

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

debian логотип

CVE-2025-55199

CVSS3: 6.5
debian
27 дней назад

Helm is a package manager for Charts for Kubernetes. Prior to version ...

github логотип

GHSA-9h84-qmv7-982p

CVSS3: 6.5
github
27 дней назад

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

6.5 Medium

CVSS3