CVE-2022-23526

Helm contains Denial of service through schema file

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

*SSVC

Descriptions

Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that can cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation file. For example, the Helm client when rendering a chart will validate its values with the schema file. The _chartutil_ package parses the schema file and loads it into structures Go can work with. Some schema files can cause array data structures to be created causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema file can suffer a Denial of Service when that input causes a panic that cannot be recovered from. Helm is not a long running service so the panic will not affect future uses of the Helm client. This issue has been patched in 3.10.3. SDK users can validate schema files that are correctly formatted before passing them to the _chartutil_ functions.

Helm es una herramienta para gestionar Charts, recursos de Kubernetes preconfigurados. Las versiones anteriores a la 3.10.3 están sujetas a la desreferencia del puntero NULL en the_chartutil_ package, lo que puede provocar una infracción de segmentación. El paquete _chartutil_ contiene un analizador que carga un archivo de validación de JSON Schema. Por ejemplo, el cliente Helm, al representar un chart, validará sus valores con el archivo de schema. El paquete _chartutil_ analiza el archivo de schema y lo carga en estructuras con las que Go puede trabajar. Algunos archivos de schema pueden provocar la creación de estructuras de datos de matriz, lo que provoca una violación de la memoria. Las aplicaciones que utilizan el paquete _chartutil_ en Helm SDK para analizar un archivo de schema pueden sufrir una Denegación de Servicio (DoS) cuando esa entrada provoca un pánico del que no se puede recuperar. Helm no es un servicio de larga duración, por lo que el pánico no afectará los usos futuros del cliente Helm. Este problema se solucionó en 3.10.3. Los usuarios del SDK pueden validar archivos de schema que estén formateados correctamente antes de pasarlos a las funciones _chartutil_.

A flaw was found in Helm, a tool for managing Charts, a pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to NULL Pointer Dereference in the_chartutil_ package that could cause a segmentation violation. The _chartutil_ package contains a parser that loads a JSON Schema validation files into structures Go can work with. Some schema files can cause array data structures to be created, causing a memory violation. Applications that use the _chartutil_ package in the Helm SDK to parse a schema files may result in a denial of service.

Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This advisory contains the container images for Red Hat OpenShift Container Platform 4.13.0. Issues addressed include bypass, denial of service, information leakage, out of bounds read, and remote SQL injection vulnerabilities.

*Credits: N/A

CVSS Scores

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

Low

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:-

Exploitation

Automatable

Tech. Impact

* Organization's Worst-case Scenario

Timeline

2022-01-19 CVE Reserved
2022-12-15 CVE Published
2024-07-07 EPSS Updated
2024-08-03 CVE Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-476: NULL Pointer Dereference

CAPEC

References (4)

URL	Tag	Source
https://github.com/helm/helm/security/advisories/GHSA-67fx-wx78-jx33	Third Party Advisory

URL	Date	SRC

URL	Date	SRC
https://github.com/helm/helm/commit/bafafa8bb1b571b61d7a9528da8d40c307dade3d	2022-12-20

URL	Date	SRC
https://access.redhat.com/security/cve/CVE-2022-23526	2023-10-31
https://bugzilla.redhat.com/show_bug.cgi?id=2154196	2023-10-31

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Helm Search vendor "Helm"		Helm Search vendor "Helm" for product "Helm"				>= 3.0.0 < 3.10.3 Search vendor "Helm" for product "Helm" and version " >= 3.0.0 < 3.10.3"		-		Affected