blob: db5cb7bb380aaa3ba7ac08af7a12529f0afc9ee8 [file] [log] [blame]
id: GO-2022-1166
modules:
- module: helm.sh/helm/v3
versions:
- fixed: 3.10.3
vulnerable_at: 3.10.2
packages:
- package: helm.sh/helm/v3/pkg/chartutil
symbols:
- ValidateAgainstSingleSchema
derived_symbols:
- ToRenderValues
- ValidateAgainstSchema
summary: Denial of service via schema file in helm.sh/helm/v3
description: |-
Certain JSON schema validation files can cause a Helm Client to panic, leading
to a possible denial of service.
The chartutil package contains a parser that loads a JSON Schema validation
file. For example, the Helm client when rendering a chart will validate its
values with the schema file. The chartutil package parses the schema file and
loads it into memory, but some schema files can cause array data structures to
be created causing a memory violation.
The Helm Client will panic with a schema file that causes a memory violation
panic. Helm is not a long running service so the panic will not affect future
uses of the Helm client.
cves:
- CVE-2022-23526
ghsas:
- GHSA-67fx-wx78-jx33
credits:
- Ada Logics, in a fuzzing audit sponsored by CNCF
references:
- advisory: https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33
- fix: https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d
review_status: REVIEWED