Main Vulnerability Database Vulnerabilities #VU88098

Use of uninitialized variable in Helm - CVE-2024-26147

Published: April 3, 2024 / Updated: December 6, 2024

Vulnerability identifier: #VU88098

CSH Severity: Low

CVSS v4.0: CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:A/VC:N/VI:N/VA:L/SC:N/SI:N/SA:N/E:U/U:Clear

CVE-ID: CVE-2024-26147

CWE-ID: CWE-457

Exploitation vector: Remote access

Exploit availability: No public exploit available

Vendor: The Helm Project

Affected software:
Helm

Detailed vulnerability description

The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.

The vulnerability exists due to usage of an uninitialized variable when using the LoadIndexFile or DownloadIndexFile functions in the repo package or the LoadDir function in the plugin package. If index.yaml file or a plugins plugin.yaml file are missing in the repository, the application crashes.

How to mitigate CVE-2024-26147

Install updates from vendor's website.

Sources

https://github.com/helm/helm/security/advisories/GHSA-r53h-jv2g-vpx6
https://github.com/helm/helm/commit/bb4cc9125503a923afb7988f3eb478722a8580af

Use of uninitialized variable in Helm - CVE-2024-26147

Detailed vulnerability description

How to mitigate CVE-2024-26147

Sources

Please verify you're human