Bug 2265440 (CVE-2024-26147)
| Field | Value | Field | Value |
|---|---|---|---|
| Summary: | CVE-2024-26147 helm: Missing YAML Content Leads To Panic | | |
| Product: | [Other] Security Response | Reporter: | Patrick Del Bello <pdelbell> |
| Component: | vulnerability | Assignee: | Product Security <prodsec-ir-bot> |
| Status: | NEW --- | QA Contact: | |
| Severity: | medium | Docs Contact: | |
| Priority: | medium | | |
| Version: | unspecified | CC: | amctagga, anjoseph, dfreiber, dkenigsb, drow, eglynn, fdeutsch, gparvin, jburrell, jjoyce, jprabhak, jschluet, jwendell, lbainbri, lhh, lsvaty, mburns, mgarciac, muagarwa, njean, odf-bz-bot, oramraz, owatkins, pahickey, pgrist, rcernich, rgarg, rhaigner, rhos-maint, sapillai, sidakwo, smullick, tnielsen, twalsh, vkumar, ybuenos |
| Target Milestone: | --- | Keywords: | Security |
| Target Release: | --- | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Fixed In Version: | Helm 3.14.2 | Doc Type: | --- |
| Doc Text: | A vulnerability was found in Helm. This flaw may lead to a panic when Helm parses index and plugin yaml files missing expected content, leading to a denial of service. | Story Points: | --- |
| Clone Of: | | | |
| : | 2268195 | Environment: | |
| Last Closed: | | Type: | --- |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | | Category: | --- |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | | | |
| Bug Depends On: | 2265441, 2265442, 2265445 | | |
| Bug Blocks: | 2265439, 2268195 | | |

Description
Patrick Del Bello
2024-02-22 01:43:47 UTC
*** Bug 2268195 has been marked as a duplicate of this bug. ***

This issue has been addressed in the following products:
  Red Hat Advanced Cluster Management for Kubernetes 2.9 for RHEL 8
Via RHSA-2024:1328 https://access.redhat.com/errata/RHSA-2024:1328

This issue has been addressed in the following products:
  Red Hat Advanced Cluster Security 4.3
Via RHSA-2024:1549 https://access.redhat.com/errata/RHSA-2024:1549

This issue has been addressed in the following products:
  Red Hat Advanced Cluster Security 4.4
Via RHSA-2024:1570 https://access.redhat.com/errata/RHSA-2024:1570

This issue has been addressed in the following products:
  Red Hat OpenShift Container Platform 4.15
Via RHSA-2024:2865 https://access.redhat.com/errata/RHSA-2024:2865

This issue has been addressed in the following products:
  Red Hat OpenShift GitOps 1.12
  Red Hat OpenShift GitOps 1.12 - RHEL 9
Via RHSA-2024:4163 https://access.redhat.com/errata/RHSA-2024:4163

This issue has been addressed in the following products:
  Red Hat OpenShift Container Platform 4.16
Via RHSA-2024:4156 https://access.redhat.com/errata/RHSA-2024:4156

This issue has been addressed in the following products:
  Red Hat OpenShift GitOps 1.11
Via RHSA-2024:4626 https://access.redhat.com/errata/RHSA-2024:4626

This issue has been addressed in the following products:
  Red Hat OpenShift Container Platform 4.15
Via RHSA-2024:6013 https://access.redhat.com/errata/RHSA-2024:6013

This issue has been addressed in the following products:
  Red Hat OpenShift Container Platform 4.14
Via RHSA-2025:4177 https://access.redhat.com/errata/RHSA-2025:4177