CVE-2025-32386

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.

CVSS v3 6.5 MEDIUM

6.5^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 2.8 / Impact : 3.6

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction REQUIRED

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact HIGH

Scope UNCHANGED

References

Link	Resource
https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7
https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p

Configurations

No configuration.

History

11 Apr 2025, 15:40

Type	Values Removed	Values Added
Summary		(es) Helm es una herramienta para Charts. Se puede crear un archivo de almacenamiento de gráficos de manera tal que se expanda para que sea significativamente más grande sin comprimir que comprimido (por ejemplo, una diferencia de >800x). Cuando Helm carga este gráfico especialmente manipulado, la memoria puede agotarse y provocar que la aplicación finalice. Este problema se ha resuelto en Helm v3.17.3.

09 Apr 2025, 23:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-04-09 23:15

Updated : 2025-04-11 15:40

NVD link : CVE-2025-32386

Mitre link : CVE-2025-32386

CVE.ORG link : CVE-2025-32386

JSON object : View

Products Affected

No product.

CWE

CWE-770

Allocation of Resources Without Limits or Throttling

CWE-789

Memory Allocation with Excessive Size Value

{"id": "CVE-2025-32386", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "security-advisories@github.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-09T23:15:37.750", "references": [{"url": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7", "source": "security-advisories@github.com"}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p", "source": "security-advisories@github.com"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "security-advisories@github.com", "description": [{"lang": "en", "value": "CWE-770"}, {"lang": "en", "value": "CWE-789"}]}], "descriptions": [{"lang": "en", "value": "Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3."}, {"lang": "es", "value": " Helm es una herramienta para Charts. Se puede crear un archivo de almacenamiento de gr\u00e1ficos de manera tal que se expanda para que sea significativamente m\u00e1s grande sin comprimir que comprimido (por ejemplo, una diferencia de >800x). Cuando Helm carga este gr\u00e1fico especialmente manipulado, la memoria puede agotarse y provocar que la aplicaci\u00f3n finalice. Este problema se ha resuelto en Helm v3.17.3."}], "lastModified": "2025-04-11T15:40:10.277", "sourceIdentifier": "security-advisories@github.com"}

6.5 /10