CVE-2022-23525

Helm vulnerable to Denial of service via NULL Pointer Dereference

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the _repo_package. The _repo_ package contains a handler that processes the index file of a repository. For example, the Helm client adds references to chart repositories where charts are managed. The _repo_ package parses the index file of the repository and loads it into structures Go can work with. Some index files can cause array data structures to be created causing a memory violation. Applications that use the _repo_ package in the Helm SDK to parse an index file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate index files that are correctly formatted before passing them to the _repo_ functions.

Helm es una herramienta para gestionar gráficos, recursos de Kubernetes preconfigurados. Las versiones anteriores a la 3.10.3 están sujetas a la desreferencia de puntero NULL en el _repo_package. El _repo_package contiene un controlador que procesa el archivo de índice de un repositorio. Por ejemplo, el cliente Helm agrega referencias a repositorios de gráficos donde se administran los gráficos. El _repo_package analiza el archivo de índice del repositorio y lo carga en estructuras con las que Go puede trabajar. Algunos archivos de índice pueden provocar la creación de estructuras de datos de matriz, lo que provoca una violación de la memoria. Las aplicaciones que utilizan el _repo_package en el SDK de Helm para analizar un archivo de índice pueden sufrir una Denegación de Servicio (DoS) cuando esa entrada provoca un pánico del que no se puede recuperar. El cliente Helm entrará en pánico con un archivo de índice que provocará una violación de memoria. Helm no es un servicio de larga duración, por lo que el pánico no afectará los usos futuros del cliente Helm. Este problema se solucionó en 3.10.3. Los usuarios del SDK pueden validar los archivos de índice que estén formateados correctamente antes de pasarlos a las funciones _repo_.

A flaw was found in Helm. Applications that use the _repo_ package in Helm SDK to parse an index file may suffer a denial of service when that input causes a panic that cannot be recovered from. The Helm Client will panic with an index file that causes a memory violation panic.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-12-15 CVE Published
2024-07-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (4)

URL	Tag	Source
https://github.com/helm/helm/security/advisories/GHSA-53c4-hhmh-vw5q	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/helm/helm/commit/638ebffbc2e445156f3978f02fd83d9af1e56f5b	2022-12-20

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-23525	2023-10-31
https://bugzilla.redhat.com/show_bug.cgi?id=2154202	2023-10-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Helm Search vendor "Helm"		Helm Search vendor "Helm" for product "Helm"				>= 3.0.0 < 3.10.3 Search vendor "Helm" for product "Helm" and version " >= 3.0.0 < 3.10.3"		-		Affected