CVE-2025-32386Allocation of Resources Without Limits or Throttling in Helm

CWE-770Allocation of Resources Without Limits or ThrottlingCWE-789Memory Allocation with Excessive Size Value8 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.1%
top 77.79%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HelmHelm.sh Helm V3
Timeline
PublishedApr 9
Latest updateApr 10

Description

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5helm/helm< 3.17.3
NVDhelm/helm< 3.17.3
Gohelm.sh/helm_v3< 3.17.3

Patches

Patch: github.com

🔴Vulnerability Details

5
OSV
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination2025-04-10
GHSA
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination2025-04-10
OSV
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination in helm.sh/helm2025-04-10
CVEList
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination2025-04-09
OSV
CVE-2025-32386: Helm is a tool for managing Charts2025-04-09

📋Vendor Advisories

2
Red Hat
helm.sh/helm/v3: Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination2025-04-09
Microsoft
Helm Allows A Specially Crafted Chart Archive To Cause Out Of Memory Termination2025-04-08
CVE-2025-32386 — Helm vulnerability | cvebase