SB2025063011 - SUSE update for helm-mirror
Published: June 30, 2025
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 2 secuirty vulnerabilities.
1) Allocation of Resources Without Limits or Throttling (CVE-ID: CVE-2025-32386)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). A remote attacker can trick the victim into opening this specially crafted chart to cause memory exhaustion and the application to be terminated.
2) Stack-based buffer overflow (CVE-ID: CVE-2025-32387)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to a boundary error. A remote unauthenticated attacker can craft a JSON Schema file within a chart with a deeply nested chain of references, leading to parser recursion that can exceed the stack size limit and trigger a stack overflow.
Remediation
Install update from vendor's website.