Vulnerability Information
Vulnerability Title
Helm vulnerable to Denial of service through string value parsing
Vulnerability Description
Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK are exposed to a Denial of Service attack when the package panics on such input. This issue has been patched in 3.10.3. SDK users can validate that strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.
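The pre-validation the description suggests for SDK users, as an added example that is not code from Helm or from this advisory: a stand-alone Go check to run on a user-supplied string before it reaches the _strvals_ functions. The function name checkSetString, both limits, and the nesting-depth check (which assumes the stack overflow comes from recursive parsing of deeply nested keys) are assumptions.

```go
package main

import (
	"fmt"
	"strconv"
	"strings"
)

// Assumed limits for this example (not from the advisory): key nesting levels, largest list index.
const maxDepth, maxIndex = 30, 1024

// checkSetString scans a --set style string ("a.b[2].c=v,d=e") and rejects deep keys and large indexes.
func checkSetString(s string) error {
	depth, inKey, inList := 1, true, false
	for i := 0; i < len(s); i++ {
		switch c := s[i]; {
		case c == '\\':
			i++ // skip the escaped character so "\." is not counted as nesting
		case inKey && c == '.':
			depth++
		case inKey && c == '[':
			end := strings.IndexByte(s[i:], ']')
			if end < 0 {
				return fmt.Errorf("unterminated index at byte %d", i)
			}
			n, err := strconv.Atoi(s[i+1 : i+end])
			if err != nil || n < 0 || n > maxIndex {
				return fmt.Errorf("index %q not in 0..%d", s[i+1:i+end], maxIndex)
			}
			depth++
			i += end // continue after the closing bracket
		case inKey && c == '=':
			inKey = false
		case !inKey && (c == '{' || c == '}'):
			inList = c == '{' // commas inside {a,b} separate list items, not keys
		case !inKey && !inList && c == ',':
			depth, inKey = 1, true // next key=value pair starts here
		}
		if depth > maxDepth {
			return fmt.Errorf("key nests more than %d levels deep", maxDepth)
		}
	}
	return nil
}

func main() {
	// Constructed inputs: the first is accepted (<nil>), the second is rejected for its index.
	fmt.Println(checkSetString("image.tag=1.2,ports[1]=80"), checkSetString("a[999999999]=x"))
}
```

The scan counts every unescaped `.` and `[` in a key as one level, so it is deliberately stricter than the parser it protects.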
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Vulnerability Type
Uncontrolled Resource Consumption (Resource Exhaustion)
Vulnerability Title
Helm Resource Management Error Vulnerability
Vulnerability Description
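Helm is a package manager for Kubernetes. Versions of Helm prior to 3.10.3 contain a resource management error vulnerability, which stems from uncontrolled resource consumption and results in denial of service. Input to functions in the _strvals_ package can cause a stack overflow.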
CVSS Information
N/A
Vulnerability Type
N/A