CVE-2025-32386

Name
CVE-2025-32386
Description
Helm is a tool for managing Charts. A chart archive (a gzipped tarball) can be crafted so that it expands to be significantly larger uncompressed than compressed (e.g. more than an 800x difference). When Helm loads such a specially crafted chart, memory can be exhausted, causing the application to terminate. This issue has been resolved in Helm v3.17.3.
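Worked example of the failure mode and of the kind of guard that closes it. This is an added illustration, not Helm's own loader or the code from the referenced fix commit: it builds a constructed .tgz whose single file is a run of zeros (deflate compresses such runs at roughly 1000:1, the same amplification the description cites), inflates it the way a naive chart loader would, and shows that a budget placed on the *inflated* side of gzip rejects the archive after a bounded amount of output instead of after memory is exhausted. The function names, the 4 MiB budget and the file names are assumptions chosen for the demo.

```go
package main

import (
	"archive/tar"
	"bytes"
	"compress/gzip"
	"errors"
	"fmt"
	"io"
)

// ErrTooLarge is returned once the inflated stream exceeds the caller's budget.
var ErrTooLarge = errors.New("chart archive exceeds decompressed size limit")

// budgetReader hands out at most `remain` bytes of the inflated stream and
// then fails, so a caller can never be made to hold more than that in memory.
type budgetReader struct {
	r      io.Reader
	remain int64
}

func (b *budgetReader) Read(p []byte) (int, error) {
	if b.remain <= 0 {
		return 0, ErrTooLarge
	}
	if int64(len(p)) > b.remain {
		p = p[:b.remain]
	}
	n, err := b.r.Read(p)
	b.remain -= int64(n)
	return n, err
}

// buildArchive returns a .tgz holding one file of `size` zero bytes.
// Constructed sample input (hypothetical chart): long runs of zeros are what
// make a decompression bomb, since deflate encodes them at roughly 1000:1.
func buildArchive(name string, size int) []byte {
	var buf bytes.Buffer
	gz := gzip.NewWriter(&buf)
	tw := tar.NewWriter(gz)
	hdr := &tar.Header{Name: name, Mode: 0o644, Size: int64(size)}
	if err := tw.WriteHeader(hdr); err != nil {
		panic(err)
	}
	if _, err := io.Copy(tw, bytes.NewReader(make([]byte, size))); err != nil {
		panic(err)
	}
	if err := tw.Close(); err != nil {
		panic(err)
	}
	if err := gz.Close(); err != nil {
		panic(err)
	}
	return buf.Bytes()
}

// loadArchive inflates a .tgz into memory the way a chart loader does, but
// charges every inflated byte (tar headers and padding included) against
// maxBytes. A bomb is rejected with ErrTooLarge after at most maxBytes of
// output instead of after exhausting memory.
func loadArchive(archive []byte, maxBytes int64) (map[string][]byte, error) {
	gz, err := gzip.NewReader(bytes.NewReader(archive))
	if err != nil {
		return nil, err
	}
	defer gz.Close()

	// The budget wraps the inflated side of gzip: that is where the
	// amplification happens, so that is where the limit has to sit. A limit
	// on the compressed input alone would not help against a ~1000:1 archive.
	tr := tar.NewReader(&budgetReader{r: gz, remain: maxBytes})
	files := make(map[string][]byte)
	for {
		hdr, err := tr.Next()
		if err == io.EOF {
			return files, nil
		}
		if err != nil {
			return nil, err // ErrTooLarge surfaces here or from ReadAll below
		}
		if hdr.Typeflag != tar.TypeReg {
			continue
		}
		data, err := io.ReadAll(tr)
		if err != nil {
			return nil, err
		}
		files[hdr.Name] = data
	}
}

func main() {
	const limit = 4 << 20 // 4 MiB inflated budget for this demo (assumed value)
	bomb := buildArchive("chart/bomb.yaml", 16<<20) // 16 MiB inflates from a few KB
	fmt.Printf("bomb: %d bytes compressed, ~%.0fx amplification\n",
		len(bomb), float64(16<<20)/float64(len(bomb)))
	if _, err := loadArchive(bomb, limit); errors.Is(err, ErrTooLarge) {
		fmt.Println("rejected:", err)
	}
	small := buildArchive("chart/Chart.yaml", 64)
	files, err := loadArchive(small, limit)
	fmt.Println("small chart:", len(files), "file(s), err =", err)
}
```

Note that the budget counts tar framing as well as file contents, so a limit equal to the raw file size is still rejected; pick the budget from the largest chart you legitimately expect, with headroom, rather than from file sizes alone.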
NVD Severity
unknown
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/helm/helm/security/advisories/GHSA-4hfp-h4cw-hj8p
MISC https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7

Match rules

CPE URI                               Source package   Min version          Max version
(none)                                helm             >= 0                 < 3.17.3
cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*   helm             none (no lower bound)   < 3.17.3

Vulnerable and fixed packages

Source package   Branch           Version     Maintainer                                  Status
helm             edge-community   3.17.2-r3   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.2-r2   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.2-r1   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.2-r0   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.1-r0   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.0-r2   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.0-r1   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.17.0-r0   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             edge-community   3.16.3-r0   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable
helm             3.22-community   3.16.3-r5   techknowlogick <techknowlogick@gitea.com>   possibly vulnerable