Описание
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.
A flaw was found in helm.sh/helm/v3. A maliciously crafted JSON Schema file can trigger excessive memory consumption during Helm Chart validation, leading to an out-of-memory (OOM) termination. A remote attacker, requiring user interaction to provide the crafted file, can trigger this condition. This issue results in an application level denial of service affecting the Helm process.
Меры по смягчению последствий
To mitigate this flaw, ensure all Helm charts do not have any reference of $ref pointing to /dev/zero.
Затронутые пакеты
| Платформа | Пакет | Состояние | Рекомендация | Релиз |
|---|---|---|---|---|
| Deployment Validation Operator | dvo/deployment-validation-rhel8-operator | Fix deferred | ||
| Migration Toolkit for Applications 7 | mta/mta-cli-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/addon-manager-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/addon-manager-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/backplane-rhel8-operator | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/backplane-rhel9-operator | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/cluster-proxy-rhel8 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/cluster-proxy-rhel9 | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/hypershift-addon-rhel8-operator | Fix deferred | ||
| Multicluster Engine for Kubernetes | multicluster-engine/hypershift-addon-rhel9-operator | Fix deferred |
Показывать по
Дополнительная информация
Статус:
EPSS
6.5 Medium
CVSS3
Связанные уязвимости
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Helm is a package manager for Charts for Kubernetes. Prior to version ...
Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion
Уязвимость пакетного менеджера для Kubernetes Helm, связанная с распределением ресурсов без ограничений и регулирования, позволяющая нарушителю вызвать отказ в обслуживании
EPSS
6.5 Medium
CVSS3