CVE-2025-32387

EUVD-2025-10671
Helm is a package manager for Charts for Kubernetes. A JSON Schema file within a chart can be crafted with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow. This issue has been resolved in Helm v3.17.3.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
6.5 MEDIUM
NETWORK
LOW
NONE
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:N/A:H
Base Score
CVSS 3.x
EPSS Score
Percentile: 36%
Affected Products (NVD)
VendorProductVersion
helmhelm
𝑥
< 3.17.3
𝑥
= Vulnerable software versions
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
helm
bionic
needs-triage
focal
needs-triage
jammy
needs-triage
noble
needs-triage
oracular
ignored
plucky
ignored
questing
ignored
resolute
needs-triage
xenial
ignored
openSUSE logo
openSUSE / SLES Releases
openSUSE Product
Release
helm-mirror
suse enterprise sap 15 SP6
0.3.1-150000.1.18.2
fixed
suse enterprise sap 15 SP7
0.3.1-150000.1.18.2
fixed
suse enterprise server 15 SP4
0.3.1-150000.1.18.2
fixed
suse enterprise server 15 SP6
0.3.1-150000.1.18.2
fixed
suse enterprise server 15 SP7
0.3.1-150000.1.18.2
fixed
terraform-provider-aws
suse enterprise sap 15 SP4
3.11.0-150200.6.18.1
fixed
suse enterprise sap 15 SP5
3.11.0-150200.6.18.1
fixed
suse enterprise server 15 SP4
3.11.0-150200.6.18.1
fixed
suse enterprise server 15 SP5
3.11.0-150200.6.18.1
fixed
terraform-provider-azurerm
suse enterprise sap 15 SP4
2.32.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
2.32.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
2.32.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
2.32.0-150200.6.12.1
fixed
terraform-provider-external
suse enterprise sap 15 SP4
2.0.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.12.1
fixed
terraform-provider-google
suse enterprise sap 15 SP4
3.43.0-150200.6.12.1
fixed
suse enterprise sap 15 SP5
3.43.0-150200.6.12.1
fixed
suse enterprise server 15 SP4
3.43.0-150200.6.12.1
fixed
suse enterprise server 15 SP5
3.43.0-150200.6.12.1
fixed
terraform-provider-helm
suse enterprise sap 15 SP4
2.9.0-150200.6.23.1
fixed
suse enterprise sap 15 SP5
2.9.0-150200.6.23.1
fixed
suse enterprise server 15 SP4
2.9.0-150200.6.23.1
fixed
suse enterprise server 15 SP5
2.9.0-150200.6.23.1
fixed
terraform-provider-kubernetes
suse enterprise sap 15 SP4
1.13.2-150200.6.12.1
fixed
suse enterprise sap 15 SP5
1.13.2-150200.6.12.1
fixed
suse enterprise server 15 SP4
1.13.2-150200.6.12.1
fixed
suse enterprise server 15 SP5
1.13.2-150200.6.12.1
fixed
terraform-provider-local
suse enterprise sap 15 SP4
2.0.0-150200.6.17.1
fixed
suse enterprise sap 15 SP5
2.0.0-150200.6.17.1
fixed
suse enterprise server 15 SP4
2.0.0-150200.6.17.1
fixed
suse enterprise server 15 SP5
2.0.0-150200.6.17.1
fixed
terraform-provider-null
suse enterprise sap 15 SP4
3.0.0-150200.6.18.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.18.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.18.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.18.1
fixed
terraform-provider-random
suse enterprise sap 15 SP4
3.0.0-150200.6.15.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.6.15.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.6.15.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.6.15.1
fixed
terraform-provider-tls
suse enterprise sap 15 SP4
3.0.0-150200.5.15.1
fixed
suse enterprise sap 15 SP5
3.0.0-150200.5.15.1
fixed
suse enterprise server 15 SP4
3.0.0-150200.5.15.1
fixed
suse enterprise server 15 SP5
3.0.0-150200.5.15.1
fixed
Azure Linux logo
Azure Linux Releases
Azure Package
Release
cert-manager
Azure Linux 3.0
0:1.12.15-4.azl3
fixed