CVE-2025-32387Stack-based Buffer Overflow in Helm

CWE-121Stack-based Buffer OverflowCWE-674Uncontrolled RecursionCWE-776XML Entity Expansion8 documents6 sources
Severity
6.5MEDIUMNVD
EPSS
0.0%
top 90.40%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
HelmHelm.sh Helm V3
Timeline
PublishedApr 9
Latest updateApr 10

Description

Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:HExploitability: 2.8 | Impact: 3.6

Affected Packages3 packages

CVEListV5helm/helm< 3.17.3
NVDhelm/helm< 3.17.3
Gohelm.sh/helm_v3< 3.17.3

Patches

Patch: github.com

🔴Vulnerability Details

5
OSV
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow in helm.sh/helm2025-04-10
GHSA
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow2025-04-10
OSV
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow2025-04-10
CVEList
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow2025-04-09
OSV
CVE-2025-32387: Helm is a package manager for Charts for Kubernetes2025-04-09

📋Vendor Advisories

2
Red Hat
helm.sh/helm/v3: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow2025-04-09
Microsoft
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow2025-04-08
CVE-2025-32387 — Stack-based Buffer Overflow in Helm | cvebase