ghsa-5xqw-8hwv-wg92
Vulnerability from github
Published
2025-04-10 13:48
Modified
2025-04-10 13:48
Severity ?
6.5 (Medium) - CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Summary
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
Details

A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.

Impact

A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.

Patches

This issue has been resolved in Helm v3.17.3.

Workarounds

Ensure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB.

For more information

Helm's security policy is spelled out in detail in our SECURITY document.

Credits

Disclosed by Jakub Ciolek at AlphaSense.

Show details on source website

To clipboard 

{
  "affected": [
    {
      "package": {
        "ecosystem": "Go",
        "name": "helm.sh/helm/v3"
      },
      "ranges": [
        {
          "events": [
            {
              "introduced": "0"
            },
            {
              "fixed": "3.17.3"
            }
          ],
          "type": "ECOSYSTEM"
        }
      ]
    }
  ],
  "aliases": [
    "CVE-2025-32387"
  ],
  "database_specific": {
    "cwe_ids": [
      "CWE-121",
      "CWE-674"
    ],
    "github_reviewed": true,
    "github_reviewed_at": "2025-04-10T13:48:31Z",
    "nvd_published_at": "2025-04-09T23:15:37Z",
    "severity": "MODERATE"
  },
  "details": "A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.\n\n### Impact\nA JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. \n\n### Patches\nThis issue has been resolved in Helm v3.17.3.\n\n### Workarounds\nEnsure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB.\n\n### For more information\nHelm\u0027s security policy is spelled out in detail in our [SECURITY](https://github.com/helm/community/blob/master/SECURITY.md) document.\n\n### Credits\nDisclosed by Jakub Ciolek at AlphaSense.",
  "id": "GHSA-5xqw-8hwv-wg92",
  "modified": "2025-04-10T13:48:31Z",
  "published": "2025-04-10T13:48:31Z",
  "references": [
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92"
    },
    {
      "type": "ADVISORY",
      "url": "https://nvd.nist.gov/vuln/detail/CVE-2025-32387"
    },
    {
      "type": "WEB",
      "url": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7"
    },
    {
      "type": "PACKAGE",
      "url": "https://github.com/helm/helm"
    }
  ],
  "schema_version": "1.4.0",
  "severity": [
    {
      "score": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H",
      "type": "CVSS_V3"
    }
  ],
  "summary": "Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow"
}


Log in or create an account to share your comment.




Tags
Taxonomy of the tags.




  • Seen: The vulnerability was mentioned, discussed, or seen somewhere by the user.
  • Confirmed: The vulnerability is confirmed from an analyst perspective.
  • Exploited: This vulnerability was exploited and seen by the user reporting the sighting.
  • Patched: This vulnerability was successfully patched by the user reporting the sighting.
  • Not exploited: This vulnerability was not exploited or seen by the user reporting the sighting.
  • Not confirmed: The user expresses doubt about the veracity of the vulnerability.
  • Not patched: This vulnerability was not successfully patched by the user reporting the sighting.