<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:content="http://purl.org/rss/1.0/modules/content/"><channel><title>Cpe:2.3:a:aquasec:trivy:*:*:*:*:*:go:*:* - CraftedSignal Threat Feed</title><link>https://feed.craftedsignal.io/cpes/cpe2.3aaquasectrivygo/</link><description>Trending threats, MITRE ATT&amp;CK coverage, and detection metadata. Fed continuously.</description><generator>Hugo</generator><language>en</language><managingEditor>hello@craftedsignal.io</managingEditor><webMaster>hello@craftedsignal.io</webMaster><lastBuildDate>Tue, 14 Jul 2026 20:24:57 +0000</lastBuildDate><atom:link href="https://feed.craftedsignal.io/cpes/cpe2.3aaquasectrivygo/feed.xml" rel="self" type="application/rss+xml"/><item><title>Trivy Unbounded Read Leads to Denial of Service via Helm Chart Tar Bomb</title><link>https://feed.craftedsignal.io/briefs/2026-07-trivy-oom/</link><pubDate>Tue, 14 Jul 2026 20:24:57 +0000</pubDate><author>hello@craftedsignal.io</author><guid isPermaLink="true">https://feed.craftedsignal.io/briefs/2026-07-trivy-oom/</guid><description>Trivy versions prior to 0.71.0 are vulnerable to CVE-2026-54448, a denial-of-service attack where a crafted Helm chart archive (.tgz) can cause unbounded memory consumption, leading to the OS OOM killer terminating the Trivy process and other services on the host or CI runner.</description><content:encoded><![CDATA[<p>Trivy, an open-source vulnerability scanner from Aquasecurity, is affected by CVE-2026-54448, a denial-of-service vulnerability present in versions prior to 0.71.0. This flaw allows an attacker to exhaust system memory and trigger an Out-Of-Memory (OOM) kill of the Trivy process and potentially other co-located processes. The vulnerability occurs when Trivy scans a malicious Helm chart archive (<code>.tgz</code> file) as part of configuration, filesystem, or image scans with misconfiguration scanning enabled. Its custom tar unpacker attempts to read each archive entry into memory using <code>io.ReadAll</code> without any size limitations. A small, specially crafted compressed archive can decompress to gigabytes of data, rapidly consuming all available RAM. This can lead to CI pipeline failures, service disruptions, and increased cloud resource costs in affected environments. The issue was fixed in Trivy v0.71.0 by replacing the custom unpacker with the official Helm SDK's <code>archive.LoadArchiveFiles</code>, which enforces size limits and validates archive structure.</p>
<h2 id="attack-chain">Attack Chain</h2>
<ol>
<li>An attacker creates a highly compressed <code>.tgz</code> Helm chart archive designed to decompress into an extremely large file, for example, by embedding a large number of null bytes.</li>
<li>The attacker places this crafted <code>.tgz</code> file in a location that a vulnerable Trivy instance is configured to scan, such as a repository that a CI pipeline runs <code>trivy config .</code> on, or within a container image scanned for misconfigurations.</li>
<li>A vulnerable Trivy instance (version &lt; 0.71.0) initiates a scan that includes the path containing the malicious <code>.tgz</code> file, for example, via <code>trivy config &lt;dir&gt;</code>, <code>trivy filesystem --scanners misconf &lt;dir&gt;</code>, or <code>trivy image --scanners misconf &lt;image&gt;</code>.</li>
<li>Trivy's internal tar unpacker encounters the malicious <code>.tgz</code> file and attempts to decompress and parse it as a Helm chart.</li>
<li>Due to the unbounded <code>io.ReadAll</code> implementation, Trivy attempts to read the entire decompressed (gigabytes-large) archive entry into memory without any size limits.</li>
<li>The Trivy process rapidly consumes all available memory on the host system or CI runner where it is executing, leading to severe memory pressure.</li>
<li>The operating system's Out-Of-Memory (OOM) killer is triggered in response to the memory exhaustion.</li>
<li>The OOM killer forcibly terminates the Trivy process and potentially other processes sharing the same host, resulting in a denial of service (DoS) for the scanning operation and potential disruption to the CI pipeline or affected system.</li>
</ol>
<h2 id="impact">Impact</h2>
<p>An attacker exploiting CVE-2026-54448 can cause a denial of service by exhausting all available memory on the host running the vulnerable Trivy process. This triggers the operating system's OOM killer, which terminates the Trivy process and may also affect other processes sharing the same host or CI runner. In CI/CD environments, the practical impact is that security scans fail, pipelines are blocked, and repeated submissions of malicious archives continue to disrupt operations. Cloud CI runners may also incur additional costs due to prolonged resource consumption attempts. There is no observed impact on the confidentiality or integrity of the scanned system itself, only its availability.</p>
<h2 id="recommendation">Recommendation</h2>
<ul>
<li>Upgrade Trivy to version <code>v0.71.0</code> or later immediately to patch CVE-2026-54448. The fix replaces the vulnerable custom tar unpacker with the official Helm SDK which includes size limits.</li>
<li>If immediate upgrade is not possible, set memory limits (e.g., via cgroups or container runtime configurations) on the Trivy process to bound the blast radius of memory exhaustion.</li>
<li>Use the <code>--skip-dirs</code> flag to exclude directories containing untrusted Helm chart archives (<code>.tgz</code> files) from Trivy scans.</li>
<li>Avoid scanning repositories or container images that are known to contain untrusted <code>.tgz</code> files when using vulnerable versions of Trivy.</li>
</ul>
]]></content:encoded><category domain="severity">low</category><category domain="type">advisory</category><category>supply-chain</category><category>vulnerability</category><category>denial-of-service</category><category>ci-cd</category></item></channel></rss>