Helm
cpe:2.3:a:helm:helm:*:*:*:*:*:*:*
- < 3.17.3
A stack overflow vulnerability has been identified in Helm, the package manager for Kubernetes charts. A JSON Schema file within a chart can be crafted to contain a deeply nested chain of references; resolving that chain drives the parser into recursion that can exceed the stack size limit and overflow the stack. Helm versions prior to 3.17.3 are affected.
Exploitation of this vulnerability causes a stack overflow, which can lead to a denial-of-service condition by crashing the application.
Users can upgrade to Helm version 3.17.3 or later to address this vulnerability. Additionally, ensure that the JSON Schema in any chart loaded by Helm does not contain a large number of nested references, especially in schema files larger than 10 MiB.
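One way to apply the second mitigation before a chart is loaded, as an added example that is not Helm's own code: the checker below walks a values.schema.json and measures the longest run of consecutive local `$ref` hops, failing on chains beyond a limit or on reference cycles. The 32-hop limit and the function names are assumptions for this example, not values from the advisory.

```python
import json

# Added example (not Helm's own code): count how many consecutive local "$ref"
# hops a JSON Schema forces a resolver to follow. The 32-hop limit is an
# assumed threshold chosen for this example, not a value from the advisory.
def _resolve_local(schema, ref):
    """Resolve a same-document JSON Pointer ref ("#/definitions/x") or None."""
    if ref == "#":
        return schema
    if not ref.startswith("#/"):
        return None  # remote refs are not fetched by this offline check
    node = schema
    for token in ref[2:].split("/"):
        token = token.replace("~1", "/").replace("~0", "~")
        if not isinstance(node, dict) or token not in node:
            return None
        node = node[token]
    return node

def longest_ref_chain(schema, limit=32):
    """Longest run of consecutive $ref hops; returns > limit as soon as a
    chain (or a reference cycle, which never stops growing) exceeds it."""
    longest = 0
    seen = {}  # id(dict) -> deepest hop count at which it was expanded
    # Explicit stack so the checker itself cannot overflow on the input it rejects.
    stack = [(schema, 0)]
    while stack:
        node, depth = stack.pop()
        if depth > limit:
            return depth
        longest = max(longest, depth)
        if isinstance(node, list):
            stack.extend((child, depth) for child in node)
            continue
        if not isinstance(node, dict) or seen.get(id(node), -1) >= depth:
            continue
        seen[id(node)] = depth
        for key, child in node.items():
            if key == "$ref" and isinstance(child, str):
                target = _resolve_local(schema, child)
                if target is not None:
                    stack.append((target, depth + 1))
            else:
                stack.append((child, depth))
    return longest

def schema_file_is_safe(path, limit=32):
    """True when the values.schema.json at `path` stays within the hop limit."""
    with open(path, "r", encoding="utf-8") as fh:
        return longest_ref_chain(json.load(fh), limit) <= limit
```

Run `schema_file_is_safe("mychart/values.schema.json")` in CI before `helm install` or `helm lint` touches an untrusted chart; remote `$ref` targets are deliberately not followed, so a chart relying on them still needs a manual look.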