CVE-2025-32387

Name
CVE-2025-32387
Description
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
CONFIRM https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92
MISC https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7

Match rules

CPE URI Source package Min version Max version
helm >= 0 < 3.17.3
cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* helm >= None < 3.17.3

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
helm edge-community 3.17.2-r3 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.1-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.0-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.0-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.0-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.16.3-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm 3.22-community 3.16.3-r5 techknowlogick <techknowlogick@gitea.com> possibly vulnerable