Trivy, a security scanner, contains a flaw in its Helm chart unpacker that reads tar entries with io.ReadAll without imposing a size limit. An attacker who can supply a malicious .tgz file can craft a small compressed archive that expands to gigabytes when extracted, consuming excessive memory and causing the Trivy process to be terminated by the operating system’s OOM killer. This results in the scanning service becoming unavailable, effectively a denial‑of‑service for any workflow that depends on Trivy’s analysis. The weakness is related to resource exhaustion and uncontrolled allocation, as reflected in the associated CWE-770 and CWE-789 identifiers.

Aqua Security’s Trivy product is affected. Any Trivy version prior to 0.71.0 is vulnerable, regardless of the environment or deployment method. The vulnerability is tied to the processing of Helm chart archives (files with .tgz extension). Users should verify their installed Trivy version and consider the affected range if an earlier release is in use.

The CVSS score of 6.9 places this problem in the moderate severity range. No EPSS score is currently available, and the vulnerability is not listed in the CISA KEV catalog. The attack requires an attacker to be able to place a crafted .tgz file in a location that Trivy scans locally, so it is mainly a local or supply‑chain attack vector rather than a remote network‑based exploitation. If an environment trusts the source of Helm charts, the risk is lower; if untrusted archives can be introduced, the risk of service disruption is significant.