17 matches found
Uncontrolled Resource Consumption
github.com/aquasecurity/trivy is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the custom tar unpacker reading Helm chart archive .tgz entries using io.ReadAll without enforcing a size limit, which allows an attacker to supply a malicious compressed archive that...
Allocation of Resources Without Limits or Throttling
Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...
EUVD-2022-5856
Malicious code in bioql PyPI...
EUVD-2025-10670
Malicious code in bioql PyPI...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
...
BIT-HELM-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...
GO-2025-3601 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination in helm.sh/helm
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination in helm.sh/helm...
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory OOM termination. Impact A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...
GHSA-4HFP-H4CW-HJ8P Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory OOM termination. Impact A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...
CVE-2025-32386
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...
CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...
CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...
CVE-2025-32386
CVE-2025-32386: Helm memory exhaustion via crafted chart archives. A chart can expand uncompressed >800x, triggering memory exhaustion when loaded. Helm fixed in v3.17.3. IBM/Kubecost and related records reference Helm usage and confirm the vulnerability details and mitigation path (upgrade He...
CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination
Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...
PT-2025-15872
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.17.3 Description: A specially crafted chart archive file can cause Helm to exhaust its memory, leading to an out-of-memory termination. This occurs when the file expands to be significantly larger uncompressed than...
GHSA-XRXM-MVQM-R553 Helm Path Traversal
All versions of Helm between Helm =2.0.0 and 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The commands helm fetch --untar and helm lint some.tgz that can result when chart archive files are unpacked a file may be unpacked...
CVE-2019-1000009
Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...