data/reports/GO-2022-1166.yaml

id: GO-2022-1166
modules:
    - module: helm.sh/helm/v3
      versions:
        - fixed: 3.10.3
      vulnerable_at: 3.10.2
      packages:
        - package: helm.sh/helm/v3/pkg/chartutil
          symbols:
            - ValidateAgainstSingleSchema
          derived_symbols:
            - ToRenderValues
            - ValidateAgainstSchema
summary: Denial of service via schema file in helm.sh/helm/v3
description: |-
    Certain JSON schema validation files can cause a Helm Client to panic, leading
    to a possible denial of service.

    The chartutil package contains a parser that loads a JSON Schema validation
    file. For example, the Helm client when rendering a chart will validate its
    values with the schema file. The chartutil package parses the schema file and
    loads it into memory, but some schema files can cause array data structures to
    be created causing a memory violation.

    The Helm Client will panic with a schema file that causes a memory violation
    panic. Helm is not a long running service so the panic will not affect future
    uses of the Helm client.
cves:
    - CVE-2022-23526
ghsas:
    - GHSA-67fx-wx78-jx33
credits:
    - Ada Logics, in a fuzzing audit sponsored by CNCF
references:
    - advisory: https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33
    - fix: https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d