Import Source
https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60145.json
JSON Data
https://api.test.osv.dev/v1/vulns/AZL-60145
Upstream
Published
2025-04-09T23:15:37Z
Modified
2026-04-01T05:19:35.850610Z
Summary
CVE-2025-32386 affecting package cert-manager for versions less than 1.11.2-23
Details

Helm is a tool for managing Charts. A chart archive file can be crafted in a manner where it expands to be significantly larger uncompressed than compressed (e.g., >800x difference). When Helm loads this specially crafted chart, memory can be exhausted causing the application to terminate. This issue has been resolved in Helm v3.17.3.

References

Affected packages

Azure Linux:2 / cert-manager

Package

Name
cert-manager
Purl
pkg:rpm/azure-linux/cert-manager

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0 (Unknown introduced version / All previous versions are affected)
Fixed
1.11.2-23

Database specific

source
"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-60145.json"