CVE-2025-32387

{"id": "CVE-2025-32387", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 6.5, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 3.6, "exploitabilityScore": 2.8}]}, "published": "2025-04-09T23:15:37.903", "references": [{"url": "https://github.com/helm/helm/commit/d8ca55fc669645c10c0681d49723f4bb8c0b1ce7", "tags": ["Patch"], "source": "[email protected]"}, {"url": "https://github.com/helm/helm/security/advisories/GHSA-5xqw-8hwv-wg92", "tags": ["Third Party Advisory"], "source": "[email protected]"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-121"}, {"lang": "en", "value": "CWE-674"}]}], "descriptions": [{"lang": "en", "value": "Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3."}, {"lang": "es", "value": " Helm es un administrador de paquetes para Charts para Kubernetes. Un archivo de esquema JSON dentro de un gr\u00e1fico se puede crear con una cadena de referencias profundamente anidada, lo que genera una recursi\u00f3n del analizador que puede superar el l\u00edmite de tama\u00f1o de la pila y provocar un desbordamiento de pila. Este problema se ha resuelto en Helm v3.17.3."}], "lastModified": "2025-09-03T17:03:46.233", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:helm:helm:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "499238FD-0738-4C30-B18B-22A4073E5B31", "versionEndExcluding": "3.17.3"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}