13 matches found
EUVD-2022-6887
Malicious code in bioql PyPI...
EUVD-2024-0709
Malicious code in bioql PyPI...
Azure Linux 3.0 Security Update: cert-manager / helm (CVE-2024-26147)
The version of cert-manager / helm installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26147 advisory. - Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an...
AZL-38497 CVE-2024-26147 affecting package helm for versions less than 3.13.2-3
Helm is a package manager for Charts for Kubernetes. Versions prior to 3.14.2 contain an uninitialized variable vulnerability when Helm parses index and plugin yaml files missing expected content. When either an index.yaml file or a plugin's plugin.yaml file was missing all metadata, a panic would...
CVE-2022-23524
A flaw was found in Helm, a tool for managing Charts (pre-configured Kubernetes resources). Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption. Input to functions in the strvals package could cause a stack overflow that is unrecoverable by Go. Applications that use functio...
CVE-2022-23526
A flaw was found in Helm, a tool for managing Charts (pre-configured Kubernetes resources). Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the chartutil package that could cause a segmentation violation. The chartutil package contains a parser that loads a JSON Schema...
GO-2022-1167 Denial of service in string value parsing in helm.sh/helm/v3
Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes an error that cannot be recovered from. The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has comman...
PT-2022-16050 · Helm +2
Name of the Vulnerable Software and Affected Versions: Helm versions prior to 3.10.3 Description: Helm is a tool for managing Charts, pre-configured Kubernetes resources. The issue results in Uncontrolled Resource Consumption, leading to Denial of Service. Input to functions in the strvals packag...
Design/Logic Flaw
Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK th...
CVE-2022-36055
An out-of-memory panic vulnerability exists in the strvals package, which can lead to a denial of service. Applications that use functions from the strvals package in the Helm SDK can cause panic and denial of service...
GO-2022-0962 Denial of service through string value parsing in helm.sh/helm/v3
Applications that use the strvals package in the Helm SDK to parse user supplied input can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The strvals package contains a parser that turns strings into Go structures. For example, the Helm client has command...
Denial of service through string value parsing
Fuzz testing, by Ada Logics and sponsored by the CNCF, identified input to functions in the strvals package that can cause an out of memory panic. Out of memory panics cannot be recovered from. Applications that use functions from the strvals package in the Helm SDK can have a Denial of Service...
PT-2022-4743 · Flux2 +2
Name of the Vulnerable Software and Affected Versions: flux2 versions 0.0.17 through 0.32.0; helm-controller versions 0.0.4 through 0.23.0 Description: A vulnerability found in the Helm SDK affects flux2 and helm-controller, allowing specific data inputs to cause high memory consumption. In some...
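The strvals entries above (CVE-2022-23524, CVE-2022-36055, GO-2022-0962, GO-2022-1167 and the flux2/helm-controller advisory that inherits them through the Helm SDK) share one lesson: a "--set"-style parser that recurses on every dotted key segment and allocates a list as large as any "[n]" index it is given can be driven into a Go stack overflow or an out-of-memory condition, and neither of those is a panic that recover() can catch, so the only defence inside the process is to reject such input before recursing or allocating. The example below is an added illustration written for this page, not Helm's strvals code and not how the upstream fix is implemented; the function names (ParseSet, setPath, splitIndex) and the limit values MaxNestedNameLevel and MaxIndex are assumptions chosen for the example, in the spirit of the bounds the 3.10.3 fix introduced. The advisories' real remedy is to upgrade (Helm 3.10.3 or later, and the flux2/helm-controller releases after the affected ranges listed above); a bound like this is what you would add to your own code that feeds user-controlled strings into any similar parser.

```go
package main

import (
	"errors"
	"fmt"
	"strconv"
	"strings"
)

// Bounds enforced before recursion or allocation; values are assumptions for this example.
const (
	MaxNestedNameLevel = 30    // depth of "a.b.c..." / "a[0].b..." descents
	MaxIndex           = 65536 // largest "[n]" list index accepted
)

var (
	ErrTooDeep  = errors.New("key nesting exceeds MaxNestedNameLevel")
	ErrBadIndex = errors.New("list index missing, non-numeric, negative or above MaxIndex")
	ErrSyntax   = errors.New("malformed key=value")
)

// ParseSet turns "a.b=1,c[2].d=x" style input into nested maps and lists (the
// shape a --set parser produces), returning errors instead of faulting.
func ParseSet(input string) (map[string]interface{}, error) {
	out := map[string]interface{}{}
	for _, pair := range strings.Split(input, ",") {
		key, value, ok := strings.Cut(pair, "=")
		if !ok || key == "" {
			return nil, fmt.Errorf("%w: %q", ErrSyntax, pair)
		}
		if err := setPath(out, strings.Split(key, "."), value, 0); err != nil {
			return nil, err
		}
	}
	return out, nil
}

// splitIndex separates "name[n]" into name and n, rejecting n before any
// slice of n+1 elements is allocated: that allocation is the out-of-memory path.
func splitIndex(seg string) (name string, idx int, hasIdx bool, err error) {
	open := strings.IndexByte(seg, '[')
	if seg == "" || open == 0 {
		return "", 0, false, fmt.Errorf("%w: %q", ErrSyntax, seg)
	}
	if open < 0 {
		return seg, 0, false, nil
	}
	n, convErr := strconv.Atoi(strings.TrimSuffix(seg[open+1:], "]"))
	if !strings.HasSuffix(seg, "]") || convErr != nil || n < 0 || n > MaxIndex {
		return "", 0, false, fmt.Errorf("%w: %q", ErrBadIndex, seg)
	}
	return seg[:open], n, true, nil
}

func setPath(dst map[string]interface{}, segs []string, value string, depth int) error {
	// A Go stack overflow is a fatal runtime error, not a panic, so recover()
	// cannot catch it; the depth bound must be enforced before descending.
	if depth >= MaxNestedNameLevel {
		return ErrTooDeep
	}
	name, idx, hasIdx, err := splitIndex(segs[0])
	if err != nil {
		return err
	}
	last := len(segs) == 1
	if !hasIdx {
		if last {
			dst[name] = value
			return nil
		}
		child, _ := dst[name].(map[string]interface{})
		if child == nil {
			child = map[string]interface{}{}
			dst[name] = child
		}
		return setPath(child, segs[1:], value, depth+1)
	}
	list, _ := dst[name].([]interface{})
	if idx >= len(list) {
		grown := make([]interface{}, idx+1) // never more than MaxIndex+1 slots
		copy(grown, list)
		list = grown
		dst[name] = list
	}
	if last {
		list[idx] = value
		return nil
	}
	elem, _ := list[idx].(map[string]interface{})
	if elem == nil {
		elem = map[string]interface{}{}
		list[idx] = elem
	}
	return setPath(elem, segs[1:], value, depth+1)
}

func main() {
	_, err := ParseSet(strings.Repeat("n.", 40) + "leaf=1")
	fmt.Println("deep key rejected:", err)
}
```

The two checks sit exactly where the fault would otherwise originate: the depth test runs at the top of setPath before it calls itself, and the index test runs in splitIndex before make() sizes the slice. A huge index such as "a[999999999999]" or one that does not even fit in an int is refused as ErrBadIndex rather than being turned into a multi-gigabyte allocation, and a key with more than MaxNestedNameLevel segments is refused as ErrTooDeep rather than consuming a stack frame per level. Wrapping the parser call in a deferred recover() would not have helped with either, which is why the advisories describe the conditions as unrecoverable.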