CVE-2023-0518
Description
An issue has been discovered in GitLab CE/EE affecting all versions starting from 14.0 before 15.6.7, all versions starting from 15.7 before 15.7.6, all versions starting from 15.8 before 15.8.1. It was possible to trigger a DoS attack by uploading a malicious Helm chart.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Uploading a malicious Helm chart to GitLab triggers a DoS via Sidekiq memory exhaustion, affecting versions 14.0-15.6.6, 15.7.0-15.7.5, and 15.8.0.
Vulnerability
An issue in GitLab CE/EE allows a denial of service (DoS) via malicious Helm chart uploads. Affected versions include all starting from 14.0 before 15.6.7, all starting from 15.7 before 15.7.6, and all starting from 15.8 before 15.8.1 [1]. When a Helm chart (.tar.gz) is uploaded, GitLab's Sidekiq background job extracts metadata from Chart.yaml without adequate size checks [1].
Exploitation
An attacker can upload a crafted Helm chart where the Chart.yaml file is a large empty file (e.g., 2 GB uncompressed, but only ~2 MB compressed) [1]. This compressed size falls within GitLab's default 5 MB Helm chart limit. The Sidekiq job attempts to read the entire Chart.yaml into memory, causing excessive memory consumption [1].
Impact
Successful exploitation causes the Sidekiq process to be killed by the Linux OOM killer, leading to a denial of service. Background jobs may fail, delaying CI pipelines and other operations [1]. The attack can be repeated as often as the attacker uploads packages, allowing sustained DoS [1].
Mitigation
GitLab has fixed the issue in versions 15.6.7, 15.7.6, and 15.8.1 [1]. Users should upgrade to one of these versions. No workaround is available; the fix adds proper size limits during metadata extraction [1].
AI Insight generated on May 25, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: >=14.0 <15.6.7, >=15.7 <15.7.6, >=15.8 <15.8.1
Patches
No patches discovered yet.
Vulnerability mechanics
Root cause
"Missing size limit when reading Chart.yaml from a Helm chart tarball allows a zip bomb attack that exhausts Sidekiq worker memory."
Attack vector
An attacker uploads a crafted Helm chart (`.tar.gz`) to a GitLab project's Helm package repository. The tarball contains a `Chart.yaml` file that is inflated to approximately 2 GB (2,147,483,647 bytes) while the compressed tarball remains under the default 5 MB Helm chart file limit [1]. When GitLab's Sidekiq background job processes the upload, it reads the entire `Chart.yaml` into memory, causing the Sidekiq worker to exceed its memory limit and be killed by the Linux OOM killer [1]. The attack can be repeated by uploading multiple malicious packages, causing continuous denial of service.
Affected code
The vulnerable code path is in `Packages::Helm::ExtractFileMetadataService.chart_yaml_content`. When a Helm chart tarball is uploaded, this service iterates over the tar entries looking for `Chart.yaml` and reads the entire file into memory with `chart_yaml.read` without any length limit [1].
What the fix does
The advisory does not include a published patch diff, but the expected fix is to limit the amount of data read from the `Chart.yaml` file inside the Helm tarball [1]. A typical `Chart.yaml` is only a few kilobytes, so the code should enforce a reasonable size cap (e.g., a few megabytes) when reading the file content, preventing the Sidekiq worker from loading an arbitrarily large file into memory [1].
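As an added illustration of the size-capped read described above (this is not GitLab's code and the real patch is not on this page), the Ruby below builds a constructed in-memory `.tgz` holding one `Chart.yaml` and reads it back through a hardened `chart_yaml_content` that rejects the entry by its declared tar header size before reading and also bounds the read itself; the 1 MiB cap, the exception class and the helper names are assumptions.

```ruby
require 'rubygems/package'
require 'stringio'
require 'zlib'

# Assumed cap for illustration; the limit GitLab chose is not on this page.
MAX_CHART_YAML_SIZE = 1024 * 1024

class ChartYamlTooLarge < StandardError; end

# Build a gzipped tarball in memory holding one Chart.yaml with the given
# content. Constructed fixture for the demo, not a real chart package.
def build_chart_tgz(chart_yaml)
  tar_io = StringIO.new
  Gem::Package::TarWriter.new(tar_io) do |tar|
    tar.add_file_simple('test/Chart.yaml', 0o644, chart_yaml.bytesize) do |io|
      io.write(chart_yaml)
    end
  end
  gz_io = StringIO.new
  gz = Zlib::GzipWriter.new(gz_io)
  gz.write(tar_io.string)
  gz.finish # flush gzip trailer without closing gz_io
  gz_io.string
end

# Hardened extraction: reject Chart.yaml by its declared tar header size
# before reading anything, then bound the read itself so a header that
# under-reports cannot pull more than max_size bytes into memory.
# Returns nil when the tarball has no Chart.yaml.
def chart_yaml_content(tgz_bytes, max_size: MAX_CHART_YAML_SIZE)
  content = nil
  Zlib::GzipReader.wrap(StringIO.new(tgz_bytes)) do |gz|
    Gem::Package::TarReader.new(gz) do |tar|
      tar.each do |entry|
        next unless entry.file? && File.basename(entry.full_name) == 'Chart.yaml'
        if entry.header.size > max_size
          raise ChartYamlTooLarge, "Chart.yaml declares #{entry.header.size} bytes"
        end
        content = entry.read(max_size + 1).to_s
        raise ChartYamlTooLarge, 'Chart.yaml exceeds cap' if content.bytesize > max_size
        break
      end
    end
  end
  content
end
```

Because the header check runs before any bytes of the entry are consumed, an oversized entry costs the worker only the 512-byte tar header, not the inflated file.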
Preconditions
- config: Helm package repository must be enabled in the GitLab instance
- auth: Attacker must have a valid personal access token and a project to upload to
- network: Attacker must be able to reach the GitLab API endpoint for Helm chart uploads
- input: Attacker uploads a crafted tarball with a large Chart.yaml file (up to ~2 GB uncompressed)
Reproduction
1. Ensure the Helm package repository is enabled in the GitLab instance.
2. Create a personal access token and a new personal project.
3. Craft a malicious Helm package:
```
mkdir test
touch test/Chart.yaml
fallocate -l 2147483647 test/Chart.yaml
tar czvf test-chart.tgz test/Chart.yaml
```
4. Upload the package:
```
TOKEN="
```
Generated on May 26, 2026. Inputs: CWE entries + fix-commit diffs from this CVE's patches. Citations validated against bundle.
References
News mentions
No linked articles in our index yet.