CVE-2025-55199

EPSS 0.31%
Veröffentlicht 13.08.2025 23:23:43
Zuletzt bearbeitet 21.08.2025 21:25:20
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Helm Charts with Specific JSON Schema Values Can Cause Memory Exhaustion

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 1 Referenzen 5

NVD 1 VulnDex Vulnerability Enrichment 1

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Helm ≫ Helm Version < 3.18.5

VulnDex Vulnerability Enrichment

Diese Information steht angemeldeten Benutzern zur Verfügung.

Zu dieser CVE wurde keine Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.31%	0.226

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
security-advisories@github.com	6.5	2.8	3.6	CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H

CWE-770 Allocation of Resources Without Limits or Throttling

The product allocates a reusable resource or group of resources on behalf of an actor without imposing any restrictions on the size or number of resources that can be allocated, in violation of the intended security policy for that actor.

https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p

Third Party Advisory

https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5

Patch

https://nvd.nist.gov/vuln/detail/CVE-2025-55199

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2025-55199

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2025-55199

EUVD

Team-orientierte Vulnerability Management Plattform

Features der Plattform

CVE-2025-55199