Headline
GHSA-5xqw-8hwv-wg92: Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.
Impact
A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.
Patches
This issue has been resolved in Helm v3.17.3.
Workarounds
Ensure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB.
For more information
Helm’s security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
- GitHub Advisory Database
- GitHub Reviewed
- CVE-2025-32387
Helm Allows A Specially Crafted JSON Schema To Cause A Stack Overflow
Moderate severity GitHub Reviewed Published Apr 9, 2025 in helm/helm • Updated Apr 10, 2025
Package
gomod helm.sh/helm/v3 (Go)
Affected versions
< 3.17.3
A Helm contributor discovered that a specially crafted JSON Schema within a chart can lead to a stack overflow.
Impact
A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.
Patches
This issue has been resolved in Helm v3.17.3.
Workarounds
Ensure that the JSON Schema within any charts loaded by Helm does not have a large number of nested references. These JSON Schema files are larger than 10 MiB.
For more information
Helm’s security policy is spelled out in detail in our SECURITY document.
Credits
Disclosed by Jakub Ciolek at AlphaSense.
References
- GHSA-5xqw-8hwv-wg92
- https://nvd.nist.gov/vuln/detail/CVE-2025-32387
- helm/helm@d8ca55f
Published to the GitHub Advisory Database
Apr 10, 2025
Last updated
Apr 10, 2025