CVE-2022-36049

See a problem?

Source

https://nvd.nist.gov/vuln/detail/CVE-2022-36049

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2022-36049.json

JSON Data

https://api.osv.dev/v1/vulns/CVE-2022-36049

Aliases

Related

GO-2022-0962

Published

2022-09-07T21:15:08Z

Modified

2024-09-03T07:44:49.842062Z

Severity

7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVSS Calculator

Summary

[none]

Details

Flux2 is a tool for keeping Kubernetes clusters in sync with sources of configuration, and Flux's helm-controller is a Kubernetes operator that allows one to declaratively manage Helm chart releases. Helm controller is tightly integrated with the Helm SDK. A vulnerability found in the Helm SDK that affects flux2 v0.0.17 until v0.32.0 and helm-controller v0.0.4 until v0.23.0 allows for specific data inputs to cause high memory consumption. In some platforms, this could cause the controller to panic and stop processing reconciliations. In a shared cluster multi-tenancy environment, a tenant could create a HelmRelease that makes the controller panic, denying all other tenants from their Helm releases being reconciled. Patches are available in flux2 v0.32.0 and helm-controller v0.23.0.

References

Affected packages

Git / github.com/fluxcd/helm-controller

Affected ranges

Type: GIT
Repo: https://github.com/fluxcd/helm-controller
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

d471d7dae2eaebe8d65da71026ade07f00d572b5

Type: GIT
Repo: https://github.com/helm/helm
Events: Introduced

e29ce2a54e96cd02ccfce88bee4f58bb6e2a28b6

Fixed

dbc6d8e20fe1d58d50e6ed30f09a04a77e4c68db

Affected versions

api/v0.*

api/v0.0.10

api/v0.0.3

api/v0.0.4

api/v0.0.5

api/v0.0.6

api/v0.0.7

api/v0.0.8

api/v0.0.9

api/v0.1.0

api/v0.1.1

api/v0.1.2

api/v0.1.3

api/v0.10.0

api/v0.10.1

api/v0.11.0

api/v0.11.1

api/v0.11.2

api/v0.12.0

api/v0.12.1

api/v0.12.2

api/v0.13.0

api/v0.14.0

api/v0.14.1

api/v0.15.0

api/v0.16.0

api/v0.17.0

api/v0.17.1

api/v0.18.0

api/v0.18.1

api/v0.18.2

api/v0.19.0

api/v0.2.0

api/v0.2.1

api/v0.2.2

api/v0.20.0

api/v0.20.1

api/v0.21.0

api/v0.22.0

api/v0.22.1

api/v0.22.2

api/v0.23.0

api/v0.23.1

api/v0.24.0

api/v0.25.0

api/v0.26.0

api/v0.27.0

api/v0.28.0

api/v0.28.1

api/v0.29.0

api/v0.3.0

api/v0.30.0

api/v0.31.0

api/v0.31.1

api/v0.31.2

api/v0.4.0

api/v0.4.1

api/v0.4.2

api/v0.4.3

api/v0.4.4

api/v0.5.0

api/v0.5.1

api/v0.5.2

api/v0.6.0

api/v0.6.1

api/v0.7.0

api/v0.8.0

api/v0.8.1

api/v0.8.2

api/v0.9.0

v0.*

v0.0.1

v0.0.1-alpha.1

v0.0.1-alpha.2

v0.0.1-beta.1

v0.0.1-beta.2

v0.0.1-beta.3

v0.0.1-beta.4

v0.0.10

v0.0.2

v0.0.3

v0.0.4

v0.0.5

v0.0.6

v0.0.7

v0.0.8

v0.0.9

v0.1.0

v0.1.1

v0.1.2

v0.1.3

v0.10.0

v0.10.1

v0.11.0

v0.11.1

v0.11.2

v0.12.0

v0.12.1

v0.12.2

v0.13.0

v0.14.0

v0.14.1

v0.15.0

v0.16.0

v0.17.0

v0.17.1

v0.18.0

v0.18.1

v0.18.2

v0.19.0

v0.2.0

v0.2.1

v0.2.2

v0.20.0

v0.20.1

v0.21.0

v0.22.0

v0.22.1

v0.22.2

v0.23.0

v0.23.1

v0.24.0

v0.25.0

v0.26.0

v0.27.0

v0.28.0

v0.28.1

v0.29.0

v0.3.0

v0.30.0

v0.31.0

v0.31.1

v0.31.2

v0.4.0

v0.4.1

v0.4.2

v0.4.3

v0.4.4

v0.5.0

v0.5.1

v0.5.2

v0.6.0

v0.6.1

v0.7.0

v0.8.0

v0.8.1

v0.8.2

v0.9.0