Main Vulnerability Database Vulnerabilities #VU88098

#VU88098 Use of uninitialized variable in Helm - CVE-2024-26147

Published: April 3, 2024 / Updated: December 6, 2024

Vulnerability identifier: #VU88098

Vulnerability risk: Low

CVSSv4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-26147

CWE-ID: CWE-457

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vulnerable software:
Helm

Software vendor:
The Helm Project

Description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an uninitialized variable when using the LoadIndexFile or DownloadIndexFile functions in the repo package or the LoadDir function in the plugin package. If index.yaml file or a plugins plugin.yaml file are missing in the repository, the application crashes.

Remediation

Install updates from vendor's website.

External links

https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6
https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af

#VU88098 Use of uninitialized variable in Helm - CVE-2024-26147

Description

Remediation

External links

Please verify you're human