Moderate severity · NVD Advisory · Published Apr 9, 2025 · Updated Apr 10, 2025
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
CVE-2025-32387
Description
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.
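A pre-flight check for the condition described above, as an added example (not Helm's code and not the v3.17.3 fix): it measures the longest run of local `$ref` hops in a chart's JSON Schema without recursing, so an over-deep or cyclic chain can be rejected before the schema reaches a recursive validator. The names `chainLen` and `LongestRefChain` and the limit of 64 are illustrative assumptions, and only same-document `#/...` pointers through objects are followed.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
)

// chainLen (illustrative helper) counts consecutive local "$ref" hops through
// objects, starting at node. It stops at limit+1, so cycles terminate too.
func chainLen(root any, node map[string]any, limit int) (hops int) {
	for hops <= limit {
		ref, _ := node["$ref"].(string)
		if !strings.HasPrefix(ref, "#/") {
			break
		}
		node, _ = root.(map[string]any)
		for _, tok := range strings.Split(ref, "/")[1:] {
			tok = strings.ReplaceAll(strings.ReplaceAll(tok, "~1", "/"), "~0", "~")
			node, _ = node[tok].(map[string]any) // reading a nil map is safe
		}
		hops++
	}
	return hops
}

// LongestRefChain walks a decoded schema iteratively; a result > limit means reject.
func LongestRefChain(doc any, limit int) int {
	longest, queue := 0, []any{doc}
	for i := 0; i < len(queue); i++ {
		switch n := queue[i].(type) {
		case []any:
			queue = append(queue, n...)
		case map[string]any:
			for _, v := range n {
				queue = append(queue, v)
			}
			if h := chainLen(doc, n, limit); h > longest {
				longest = h
			}
		}
	}
	return longest
}

func main() {
	var doc any // constructed sample: root -> a -> b is a two-hop chain
	json.Unmarshal([]byte(`{"$ref":"#/definitions/a","definitions":{"a":{"$ref":"#/definitions/b"},"b":{}}}`), &doc)
	fmt.Println(LongestRefChain(doc, 64)) // prints 2
}
```

A caller would decode `values.schema.json`, compare the result against its chosen limit, and refuse to validate when the result is larger.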
Affected packages
Versions sourced from the GitHub Security Advisory.
| Package | Affected versions | Patched versions |
|---|---|---|
| helm.sh/helm/v3 (Go) | < 3.17.3 | 3.17.3 |
References
- github.com/advisories/GHSA-5xqw-8hwv-wg92 (ghsa, ADVISORY)
- nvd.nist.gov/vuln/detail/CVE-2025-32387 (ghsa, ADVISORY)
- github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7 (ghsa, x_refsource_MISC, WEB)
- github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92 (ghsa, x_refsource_CONFIRM, WEB)