Helm Out-of-Memory Vulnerability via Crafted JSON Schema

Vulnerability

A denial-of-service vulnerability affects Helm, the package manager for Kubernetes, in versions prior to 3.18.5. A chart may ship a JSON Schema (values.schema.json) that Helm uses to validate values, and that schema may contain a reference ($ref) which Helm resolves by reading the referenced file. If the reference points at a file with unbounded content, such as the device file /dev/zero, Helm keeps reading until all available memory is consumed and the process is terminated out-of-memory. The chart itself is the attack vector: no access to the host beyond getting Helm to load the chart is required.

Impact

Loading a crafted chart drives Helm's memory use to the limit of the host or container and the process is killed, so the Helm operation fails. Anything that loads untrusted charts (a developer workstation, a CI/CD pipeline, a cluster tooling service) is exposed to this denial of service.

Reproduction

To reproduce this vulnerability, create a Helm chart that includes a JSON Schema file (values.schema.json). In that schema, add a $ref whose target is a device file such as /dev/zero rather than a fragment inside the schema. When the chart is loaded by a vulnerable Helm and the schema is validated (for example by helm lint, helm template, or helm install), Helm reads the referenced file without bound, uses all available memory and is terminated out-of-memory.

Remediation

Upgrade to Helm version 3.18.5 or later, where the issue is addressed. Until that is possible, treat charts from outside your control as untrusted input: inspect values.schema.json before loading and reject any $ref that points outside the schema document, in particular one that resolves to /dev/zero or another device file.
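The following is an added example of the pre-load check described in the remediation above; it is not Helm's code and not part of this advisory. It walks a chart's values.schema.json and reports every $ref that does not stay inside the document, so it catches the /dev/zero reference from the reproduction section as well as any other device file, FIFO or remote target. The sample schema is constructed for the example, all function names are my own, and the spelling "file:///dev/zero" (alongside a bare "/dev/zero") is an assumption about how a file reference is written; the checker flags both forms.

```python
"""Pre-load check for Helm chart JSON Schemas: flag $ref targets that leave the document."""
import json
import os
import stat
from urllib.parse import unquote, urlparse

# Constructed sample of a chart's values.schema.json (not from any real chart).
# Whether a loader spells a file reference "file:///dev/zero" or "/dev/zero"
# is an assumption here, so the sample carries one of each.
SAMPLE_SCHEMA_JSON = """
{
  "$schema": "http://json-schema.org/draft-07/schema#",
  "type": "object",
  "properties": {
    "image":     {"$ref": "#/definitions/image"},
    "resources": {"$ref": "file:///dev/zero"},
    "extra":     {"type": "array", "items": {"$ref": "/dev/zero"}}
  },
  "definitions": {"image": {"type": "string"}}
}
"""


def iter_refs(node, path="$"):
    """Yield (json_path, ref_string) for every "$ref" anywhere in the schema."""
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key == "$ref" and isinstance(value, str):
                yield child, value
            else:
                yield from iter_refs(value, child)
    elif isinstance(node, list):
        for index, value in enumerate(node):
            yield from iter_refs(value, f"{path}[{index}]")


def classify_ref(ref):
    """Return None for an in-document fragment ("#/..."), else a reason the ref is suspect."""
    parsed = urlparse(ref)
    if parsed.scheme not in ("", "file"):
        return f"remote reference over {parsed.scheme}"
    target = unquote(parsed.path)
    if target == "":
        return None  # "#/definitions/x": resolved inside this schema, nothing is read
    kind = "absolute" if (parsed.scheme == "file" or os.path.isabs(target)) else "relative"
    reason = f"{kind} filesystem path {target!r}"
    try:
        mode = os.stat(target).st_mode
    except OSError:
        return reason  # target absent on this machine; it still leaves the document
    if not stat.S_ISREG(mode):
        reason += " (not a regular file: device, FIFO or directory)"
    return reason


def find_unsafe_refs(schema):
    """List (json_path, ref, reason) for every $ref that does not stay inside the schema."""
    findings = []
    for path, ref in iter_refs(schema):
        reason = classify_ref(ref)
        if reason is not None:
            findings.append((path, ref, reason))
    return findings


def check_schema_text(text):
    """Parse a values.schema.json body and return its unsafe refs."""
    return find_unsafe_refs(json.loads(text))


def check_chart_dir(chart_dir):
    """Check <chart_dir>/values.schema.json; a chart without a schema has nothing to flag."""
    schema_path = os.path.join(chart_dir, "values.schema.json")
    if not os.path.exists(schema_path):
        return []
    with open(schema_path, encoding="utf-8") as fh:
        return check_schema_text(fh.read())


if __name__ == "__main__":
    import sys

    # Usage: python check_schema_refs.py <unpacked-chart-dir>; with no argument the
    # constructed sample is checked. Exit status 1 means the chart must not be loaded.
    findings = (check_chart_dir(sys.argv[1]) if len(sys.argv) > 1
                else check_schema_text(SAMPLE_SCHEMA_JSON))
    for path, ref, reason in findings:
        print(f"REJECT {path}: $ref={ref!r} ({reason})")
    sys.exit(1 if findings else 0)
```

The check is deliberately conservative: the advisory names /dev/zero but speaks of "certain files", so rather than pattern-match one path, the script rejects every reference that leaves the schema document (files, devices, remote URLs) and lets a reviewer decide whether any of them is legitimate. Run it against the unpacked chart directory in the pipeline step that precedes helm lint or helm install.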

Added: Aug 14, 2025, 12:19 AM
Updated: Aug 14, 2025, 12:19 AM

Vulnerability Rating

Custom Algorithm
spread          6.6
impact          2.5
exploitability  5.4
remediation     7.9
relevance       0.4
threat          4.8
urgency         2.9
incentive       1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.