CVE-2025-55199

Name
CVE-2025-55199
Description
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.
NVD Severity
unknown
Other trackers
CVE, NVD, CERT, CVE Details, CIRCL, Arch Linux, Debian, Red Hat, Ubuntu, Gentoo, SUSE (Bugzilla), SUSE (CVE), Mageia
Mailing lists
oss-security, full-disclosure, bugtraq
Exploits
Exploit DB, Metasploit
Forges
GitHub (code, issues), Aports (code, issues)

References

Type URI
MISC https://github.com/helm/helm/commit/b78692c18f0fb38fe5ba4571a674de067a4c53a5
CONFIRM https://github.com/helm/helm/security/advisories/GHSA-9h84-qmv7-982p

Match rules

CPE URI Source package Min version Max version
helm >= 0 < 3.18.5
cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:* helm >= None < 3.18.5

Vulnerable and fixed packages

Source package Branch Version Maintainer Status
helm edge-community 3.18.4-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.18.4-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.18.4-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.18.3-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.18.3-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.18.2-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.18.0-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r3 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.2-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.1-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.0-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.0-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.17.0-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm edge-community 3.16.3-r0 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm 3.22-community 3.18.4-r3 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm 3.22-community 3.18.4-r2 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm 3.22-community 3.18.4-r1 techknowlogick <techknowlogick@gitea.com> possibly vulnerable
helm 3.22-community 3.16.3-r5 techknowlogick <techknowlogick@gitea.com> possibly vulnerable