Lucene search
+L

17 matches found

Veracode
Veracode
added 3 days ago9 views

Uncontrolled Resource Consumption

github.com/aquasecurity/trivy is vulnerable to Uncontrolled Resource Consumption. The vulnerability is due to the custom tar unpacker reading Helm chart archive .tgz entries using io.ReadAll without enforcing a size limit, which allows an attacker to supply a malicious compressed archive that...

6.9CVSS5.3AI score0.0025EPSS
Exploits0References3Affected Software1
Snyk
Snyk
added 2026/06/25 5:20 p.m.7 views

Allocation of Resources Without Limits or Throttling

Overview Affected versions of this package are vulnerable to Allocation of Resources Without Limits or Throttling via the parser process. An attacker can cause excessive memory consumption by submitting a specially crafted Helm chart archive that decompresses to a very large size. Remediation...

6.9CVSS6AI score0.0025EPSS
Exploits0References2
EUVD
EUVD
added 2025/10/03 8:7 p.m.4 views

EUVD-2022-5856

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.01483EPSS
Exploits1References4
EUVD
EUVD
added 2025/10/03 8:7 p.m.8 views

EUVD-2025-10670

Malicious code in bioql PyPI...

6.5CVSS6.7AI score0.00427EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2025/05/27 7:0 a.m.5 views

Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

...

6.5CVSS6.8AI score0.00427EPSS
Exploits0
OSV
OSV
added 2025/04/11 7:13 p.m.6 views

BIT-HELM-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

6.5CVSS6.3AI score0.00427EPSS
Exploits0References3
OSV
OSV
added 2025/04/10 4:27 p.m.7 views

GO-2025-3601 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination in helm.sh/helm

Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination in helm.sh/helm...

6.5CVSS6.4AI score0.00427EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2025/04/10 1:48 p.m.21 views

Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory OOM termination. Impact A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...

6.5CVSS6.8AI score0.00427EPSS
Exploits0References4Affected Software1
OSV
OSV
added 2025/04/10 1:48 p.m.7 views

GHSA-4HFP-H4CW-HJ8P Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

A Helm contributor discovered that a specially crafted chart archive file can cause Helm to use all available memory and have an out of memory OOM termination. Impact A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800...

6.5CVSS6.4AI score0.00427EPSS
Exploits0References4
NVD
NVD
added 2025/04/09 11:15 p.m.14 views

CVE-2025-32386

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

6.5CVSS0.00427EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/04/09 10:28 p.m.23 views

CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

6.5CVSS0.00427EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2025/04/09 10:28 p.m.5 views

CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

6.5CVSS6.8AI score0.00427EPSS
Exploits0References2
CVE
CVE
added 2025/04/09 10:28 p.m.250 views

CVE-2025-32386

CVE-2025-32386: Helm memory exhaustion via crafted chart archives. A chart can expand uncompressed >800x, triggering memory exhaustion when loaded. Helm fixed in v3.17.3. IBM/Kubecost and related records reference Helm usage and confirm the vulnerability details and mitigation path (upgrade He...

6.5CVSS6.4AI score0.00427EPSS
Exploits0References2Affected Software1
OSV
OSV
added 2025/04/09 10:28 p.m.13 views

CVE-2025-32386 Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed e.g., 800x difference. When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issu...

6.5CVSS6.5AI score0.00427EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2025/04/09 12:0 a.m.4 views

PT-2025-15872

Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.17.3 Description: A specially crafted chart archive file can cause Helm to exhaust its memory, leading to an out-of-memory termination. This occurs when the file expands to be significantly larger uncompressed than...

7.8CVSS6.6AI score0.00427EPSS
Exploits0References122
OSV
OSV
added 2022/05/14 1:33 a.m.21 views

GHSA-XRXM-MVQM-R553 Helm Path Traversal

All versions of Helm between Helm =2.0.0 and 2.12.2 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in The commands helm fetch --untar and helm lint some.tgz that can result when chart archive files are unpacked a file may be unpacked...

6.5CVSS6.5AI score0.01483EPSS
Exploits1References3
Cvelist
Cvelist
added 2019/02/04 9:0 p.m.33 views

CVE-2019-1000009

Helm ChartMuseum version =0.1.0 and 0.8.1 contains a CWE-22: Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in HTTP API to save charts that can result in a specially crafted chart could be uploaded and saved outside the intended location. This attack...

6.6AI score0.01272EPSS
Exploits1References1
Rows per page
Query Builder