{
  "threat_severity" : "Moderate",
  "public_date" : "2022-12-15T00:00:00Z",
  "bugzilla" : {
    "description" : "helm: Denial of service through string value parsing",
    "id" : "2154200",
    "url" : "https://bugzilla.redhat.com/show_bug.cgi?id=2154200"
  },
  "cvss3" : {
    "cvss3_base_score" : "7.5",
    "cvss3_scoring_vector" : "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
    "status" : "verified"
  },
  "cwe" : "CWE-400",
  "details" : [ "Helm is a tool for managing Charts, pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption, resulting in Denial of Service. Input to functions in the _strvals_ package can cause a stack overflow. In Go, a stack overflow cannot be recovered from. Applications that use functions from the _strvals_ package in the Helm SDK can have a Denial of Service attack when they use this package and it panics. This issue has been patched in 3.10.3. SDK users can validate strings supplied by users won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.", "A flaw was found in Helm, a tool for managing Charts, a pre-configured Kubernetes resources. Versions prior to 3.10.3 are subject to Uncontrolled Resource Consumption. Input to functions in the _strvals_ package could cause a stack overflow that is unrecoverable by Go. Applications that use functions from the _strvals_ package in Helm SDK may result in a denial of service." ],
  "statement" : "This moderate severity flaw was found in Helm’s strvals package, which is used for parsing string values into Go structures. The issue occurs when specially crafted input is processed, leading to excessive recursive parsing that causes a stack overflow. Since a stack overflow in Go cannot be recovered from, this results in a denial of service (DoS). Applications or SDKs using strvals to handle user-supplied input may crash when parsing such data.",
  "affected_release" : [ {
    "product_name" : "Red Hat OpenShift Container Platform 4.12",
    "release_date" : "2023-04-11T00:00:00Z",
    "advisory" : "RHSA-2023:1646",
    "cpe" : "cpe:/a:redhat:openshift:4.12::el8",
    "package" : "openshift4/metallb-rhel8-operator:v4.12.0-202303301557.p0.g270d2eb.assembly.stream"
  } ],
  "package_state" : [ {
    "product_name" : "cert-manager Operator for Red Hat OpenShift",
    "fix_state" : "Will not fix",
    "package_name" : "cert-manager/jetstack-cert-manager-rhel9",
    "cpe" : "cpe:/a:redhat:cert_manager:1"
  }, {
    "product_name" : "Cryostat 2",
    "fix_state" : "Not affected",
    "package_name" : "cryostat-20-tech-preview/cryostat-rhel8-operator",
    "cpe" : "cpe:/a:redhat:cryostat:2"
  }, {
    "product_name" : "OpenShift Developer Tools and Services",
    "fix_state" : "Will not fix",
    "package_name" : "jenkins-operator-container",
    "cpe" : "cpe:/a:redhat:ocp_tools"
  }, {
    "product_name" : "OpenShift Serverless",
    "fix_state" : "Will not fix",
    "package_name" : "openshift-serverless-1/ingress-rhel8-operator",
    "cpe" : "cpe:/a:redhat:serverless:1"
  }, {
    "product_name" : "Red Hat 3scale API Management Platform 2",
    "fix_state" : "Affected",
    "package_name" : "3scale-operator-container",
    "cpe" : "cpe:/a:redhat:red_hat_3scale_amp:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Management for Kubernetes 2",
    "fix_state" : "Will not fix",
    "package_name" : "rhacm2/search-rhel8",
    "cpe" : "cpe:/a:redhat:acm:2"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Affected",
    "package_name" : "advanced-cluster-security/rhacs-central-db-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Affected",
    "package_name" : "advanced-cluster-security/rhacs-docs-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Affected",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Affected",
    "package_name" : "advanced-cluster-security/rhacs-rhel8-operator",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 3",
    "fix_state" : "Affected",
    "package_name" : "advanced-cluster-security/rhacs-roxctl-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:3"
  }, {
    "product_name" : "Red Hat Advanced Cluster Security 4",
    "fix_state" : "Not affected",
    "package_name" : "advanced-cluster-security/rhacs-main-rhel8",
    "cpe" : "cpe:/a:redhat:advanced_cluster_security:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-ansible-operator",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-console",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-helm-rhel9-operator",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Will not fix",
    "package_name" : "openshift4/ose-metering-helm-container-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat OpenShift Container Platform 4",
    "fix_state" : "Affected",
    "package_name" : "openshift4/ose-operator-sdk-rhel8",
    "cpe" : "cpe:/a:redhat:openshift:4"
  }, {
    "product_name" : "Red Hat Openshift Container Storage 4",
    "fix_state" : "Out of support scope",
    "package_name" : "ocs4/rook-ceph-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_container_storage:4"
  }, {
    "product_name" : "Red Hat Openshift Data Foundation 4",
    "fix_state" : "Not affected",
    "package_name" : "odf4/rook-ceph-rhel8-operator",
    "cpe" : "cpe:/a:redhat:openshift_data_foundation:4"
  } ],
  "references" : [ "https://www.cve.org/CVERecord?id=CVE-2022-23524\nhttps://nvd.nist.gov/vuln/detail/CVE-2022-23524\nhttps://github.com/helm/helm/security/advisories/GHSA-6rx9-889q-vv2r" ],
  "name" : "CVE-2022-23524",
  "mitigation" : {
    "value" : "SDK users can validate strings supplied by users that won't create large arrays causing significant memory usage before passing them to the _strvals_ functions.",
    "lang" : "en:us"
  },
  "csaw" : false
}