Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59838.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-59838
Upstream
Published
2025-04-09T23:15:37Z
Modified
2026-04-01T05:19:33.552470Z
Summary
CVE-2025-32386 affecting package helm for versions less than 3.15.2-3
Details

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted, causing the application to terminate. This issue has been resolved in Helm v3.17.3.

References

Affected packages

Azure Linux:3 / helm

Package

Name
helm
Purl
pkg:rpm/azure-linux/helm

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
3.15.2-3

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-59838.json"