CVE-2025-32387

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92

Configurations

No configuration.

History

11 Apr 2025, 15:40

Type	Values Removed	Values Added
Summary		(es) Helm es un administrador de paquetes para Charts para Kubernetes. Un archivo de esquema JSON dentro de un gráfico se puede crear con una cadena de referencias profundamente anidada, lo que genera una recursión del analizador que puede superar el límite de tamaño de la pila y provocar un desbordamiento de pila. Este problema se ha resuelto en Helm v3.17.3.

09 Apr 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-09 23:15

Updated : 2025-04-11 15:40

NVD link : CVE-2025-32387

Mitre link : CVE-2025-32387

CVE.ORG link : CVE-2025-32387

JSON object : View

Products Affected

No product.

CWE

CWE-121

Stack-based Buffer Overflow

CWE-674

Uncontrolled Recursion

6.5 /10