REDHAT-BUG-2388449
Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, a JSON Schema file can be crafted so that Helm uses all available memory and is terminated with an out-of-memory (OOM) error. This issue has been resolved in Helm 3.18.5. As a workaround, ensure that no Helm chart being loaded into Helm contains a $ref pointing to /dev/zero.
Frequently Asked Questions
What is the severity of REDHAT-BUG-2388449?
The severity of REDHAT-BUG-2388449 is critical due to its potential to cause an out of memory (OOM) termination.
How do I fix REDHAT-BUG-2388449?
To fix REDHAT-BUG-2388449, upgrade Helm to version 3.18.5 or later.
What versions of Helm are affected by REDHAT-BUG-2388449?
Helm versions prior to 3.18.5 are affected by REDHAT-BUG-2388449.
What security risk does REDHAT-BUG-2388449 pose?
REDHAT-BUG-2388449 poses a risk of denial of service through excessive memory usage.
Is there a workaround for REDHAT-BUG-2388449?
A workaround for REDHAT-BUG-2388449 involves ensuring that no Helm chart being loaded into Helm has a JSON Schema file with a $ref pointing to /dev/zero.
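One way to apply the workaround described in the advisory text and in the FAQ answer above is to scan a chart's schema files before Helm loads the chart. This is an added example, not code from Helm or Red Hat. It assumes an unpacked chart directory whose schema files end in .schema.json, checks only absolute-path and file: URI forms of $ref, and its function names and sample schema are constructed for illustration.

```python
import json
import os
import posixpath
import tempfile
from urllib.parse import unquote, urlsplit

BLOCKED = "/dev/zero"  # the only $ref target the advisory names
SAMPLE = {"properties": {"a": {"$ref": "#/definitions/ok"},
                         "b": {"$ref": "file:///dev/zero"}}}  # constructed sample

def ref_target(ref):
    """Return the absolute local path a $ref points at, or None."""
    parts = urlsplit(ref)
    if parts.scheme not in ("", "file") or not parts.path:
        return None  # remote refs and pure "#/..." fragments
    return posixpath.normpath(unquote(parts.path))

def iter_refs(node):
    """Yield every string-valued $ref at any depth of a parsed schema."""
    if isinstance(node, dict):
        if isinstance(node.get("$ref"), str):
            yield node["$ref"]
        node = list(node.values())
    if isinstance(node, list):
        for item in node:
            yield from iter_refs(item)

def scan_chart(chart_dir):
    """Return (schema_path, ref) pairs whose $ref resolves to /dev/zero."""
    findings = []
    for root, _dirs, files in os.walk(chart_dir):
        for name in (f for f in files if f.endswith(".schema.json")):
            path = os.path.join(root, name)
            try:
                with open(path, encoding="utf-8") as fh:
                    schema = json.load(fh)
            except (OSError, ValueError):
                findings.append((path, "<unreadable schema, review by hand>"))
                continue
            findings += [(path, r) for r in iter_refs(schema)
                         if ref_target(r) == BLOCKED]
    return findings

def demo():
    """Write SAMPLE into a temporary chart directory and scan it."""
    with tempfile.TemporaryDirectory() as chart:
        with open(os.path.join(chart, "values.schema.json"), "w") as fh:
            json.dump(SAMPLE, fh)
        return [ref for _path, ref in scan_chart(chart)]
```

An empty result from scan_chart means no schema under that directory references /dev/zero in the forms checked; subcharts under charts/ are covered because the walk is recursive.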