AZL-66318

See a problem?

Import Source

https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66318.json

JSON Data

https://api.test.osv.dev/v1/vulns/AZL-66318

Upstream

CVE-2025-55199

Published

2025-08-14T00:15:27Z

Modified

2026-04-01T05:20:56.944404Z

Summary

CVE-2025-55199 affecting package helm 3.14.2-10

Details

Helm is a package manager for Charts for Kubernetes. Prior to version 3.18.5, it is possible to craft a JSON Schema file in a manner which could cause Helm to use all available memory and have an out of memory (OOM) termination. This issue has been resolved in Helm 3.18.5. A workaround involves ensuring all Helm charts that are being loaded into Helm do not have any reference of $ref pointing to /dev/zero.

References

https://nvd.nist.gov/vuln/detail/CVE-2025-55199

Affected packages

Azure Linux:2 / helm

Package

Name: helm
Purl: pkg:rpm/azure-linux/helm

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Last affected

3.14.2-10

Database specific

source

"https://github.com/microsoft/AzureLinuxVulnerabilityData/blob/main/osv/AZL-66318.json"