modules:
    - module: helm.sh/helm/v3
      versions:
        - fixed: 3.10.3
      vulnerable_at: 3.10.2
      packages:
        - package: helm.sh/helm/v3/pkg/chartutil
          symbols:
            - ValidateAgainstSingleSchema
          derived_symbols:
            - ToRenderValues
            - ValidateAgainstSchema
description: |
    Certain JSON schema validation files can cause a Helm client to panic,
    leading to a possible denial of service.

    The chartutil package contains a parser that loads a JSON schema validation
    file; for example, when rendering a chart, the Helm client validates the
    chart's values against that schema file. The chartutil package parses the
    schema file and loads it into memory, but some schema files cause array
    data structures to be created in a way that triggers a memory violation.

    The Helm client panics when it encounters such a schema file. Helm is not
    a long-running service, so the panic does not affect future uses of the
    Helm client.
cves:
    - CVE-2022-23526
ghsas:
    - GHSA-67fx-wx78-jx33
credit: Ada Logics, in a fuzzing audit sponsored by CNCF
references:
    - advisory: https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33
    - fix: https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d
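Added example, not code from Helm or from this report: the "not a long running service" caveat above does not hold for operators, CI services or other long-running processes that embed chartutil as a library, where one hostile chart would take the whole process down. The block below shows the defensive pattern the linked fix applies to ValidateAgainstSingleSchema, a deferred recover that turns a panic raised while processing an untrusted schema into a returned error. It uses only the standard library; `naiveValidate` is a constructed toy validator (it understands only `required` and a `type` of `string` or `number`) that assumes a well-formed schema and therefore panics on a crafted one, and `CraftedSchema` is a constructed input for that toy, not the schema that triggers the Helm bug.

```go
package main

import (
	"encoding/json"
	"errors"
	"fmt"
)

// ErrSchemaPanic marks an error that was recovered from a panic during
// schema processing, so callers can distinguish "hostile schema" from
// "values failed validation".
var ErrSchemaPanic = errors.New("schema validation panicked")

// Constructed sample inputs (assumptions, not taken from the report).
var (
	GoodSchema    = []byte(`{"required":["image"],"properties":{"image":{"type":"string"},"replicas":{"type":"number"}}}`)
	CraftedSchema = []byte(`{"required":[42]}`) // a required entry that is not a string
	SampleValues  = map[string]any{"image": "nginx", "replicas": float64(3)}
)

// naiveValidate is a toy validator that trusts the schema's shape: every
// single-value type assertion below panics when the schema deviates from it.
func naiveValidate(schema map[string]any, values map[string]any) error {
	if req, ok := schema["required"]; ok {
		for _, r := range req.([]any) { // panics if "required" is not an array
			name := r.(string) // panics if an entry is not a string
			if _, present := values[name]; !present {
				return fmt.Errorf("missing required value %q", name)
			}
		}
	}
	if props, ok := schema["properties"]; ok {
		for name, p := range props.(map[string]any) { // panics if not an object
			want, _ := p.(map[string]any)["type"].(string) // panics if a property is not an object
			v, present := values[name]
			if !present {
				continue
			}
			switch want {
			case "string":
				if _, ok := v.(string); !ok {
					return fmt.Errorf("%s: expected string", name)
				}
			case "number":
				if _, ok := v.(float64); !ok {
					return fmt.Errorf("%s: expected number", name)
				}
			}
		}
	}
	return nil
}

// validateWithRecover parses schemaJSON and runs the validator, converting any
// panic into an error so one hostile chart fails instead of crashing the process.
func validateWithRecover(schemaJSON []byte, values map[string]any) (err error) {
	defer func() {
		if r := recover(); r != nil {
			err = fmt.Errorf("%w: %v", ErrSchemaPanic, r)
		}
	}()
	var schema map[string]any
	if perr := json.Unmarshal(schemaJSON, &schema); perr != nil {
		return fmt.Errorf("parse schema: %w", perr)
	}
	return naiveValidate(schema, values)
}

// mustParse decodes schema JSON for the unprotected path shown in main.
func mustParse(schemaJSON []byte) map[string]any {
	var schema map[string]any
	if err := json.Unmarshal(schemaJSON, &schema); err != nil {
		panic(err)
	}
	return schema
}

// panics reports whether f panics; used to show the unprotected behaviour.
func panics(f func()) (didPanic bool) {
	defer func() { didPanic = recover() != nil }()
	f()
	return false
}

func main() {
	fmt.Println("good schema, good values:", validateWithRecover(GoodSchema, SampleValues))
	fmt.Println("good schema, missing value:", validateWithRecover(GoodSchema, map[string]any{"replicas": float64(3)}))
	fmt.Println("crafted schema, recovered:", validateWithRecover(CraftedSchema, SampleValues))
	fmt.Println("crafted schema, unprotected call panics:", panics(func() {
		_ = naiveValidate(mustParse(CraftedSchema), SampleValues)
	}))
}
```

Checking `errors.Is(err, ErrSchemaPanic)` lets a long-running caller log and reject the chart as hostile rather than treat it as an ordinary values mismatch; the recovered path still returns an error, so the chart never renders with an unvalidated values set.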