
Description

A vulnerability has been identified in Rancher Manager in which request body size limits were not enforced on certain public (unauthenticated) and authenticated API endpoints. A malicious user can exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).
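The defect class described above, shown as an added example in Go (Rancher's implementation language) rather than Rancher's own code: a handler that reads the whole request body with no bound next to the same handler wrapped in http.MaxBytesReader, with a constructed 1 MiB limit, a hypothetical endpoint path and a constructed JSON payload used to drive both.

```go
package main

import (
	"encoding/json"
	"errors"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes is a constructed limit for this example; size it to the largest legitimate payload.
const maxBodyBytes = 1 << 20 // 1 MiB

// decodeJSON buffers the whole body and parses it; any bound must already wrap r.Body.
func decodeJSON(w http.ResponseWriter, r *http.Request) {
	body, err := io.ReadAll(r.Body)
	var tooLarge *http.MaxBytesError
	switch {
	case errors.As(err, &tooLarge):
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
	case err != nil:
		http.Error(w, "bad request", http.StatusBadRequest)
	case json.Unmarshal(body, new(map[string]any)) != nil:
		http.Error(w, "bad request", http.StatusBadRequest)
	default:
		w.WriteHeader(http.StatusOK)
	}
}

// unboundedHandler is the vulnerable shape: the client decides how much the server allocates.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	decodeJSON(w, r)
}

// boundedHandler is the hardened shape: reads past the limit fail with *http.MaxBytesError.
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	decodeJSON(w, r)
}

// statusFor posts a constructed JSON body with pad bytes of filler and returns the status code.
func statusFor(h http.HandlerFunc, pad int) int {
	body := `{"pad":"` + strings.Repeat("a", pad) + `"}`
	req := httptest.NewRequest(http.MethodPost, "/v3/example", strings.NewReader(body)) // hypothetical path
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}
```

The same limit can be applied once for every route by installing the MaxBytesReader wrap in middleware, which is how a fix for an endpoint-wide gap is usually shipped.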

Status: PUBLISHED | Reserved 2025-07-23 | Published 2025-09-02 | Updated 2025-09-02 | Assigner: suse

HIGH: 8.2 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H

Problem types

CWE-770: Allocation of Resources Without Limits or Throttling

Product status

Default status: unaffected

2.12.0 before 2.12.1: affected
2.11.0 before 2.11.5: affected
2.10.0 before 2.10.9: affected
2.9.0 before 2.9.11: affected
Any version before 0.0.0-20250813072957-aee95d4e2a41: affected

References

bugzilla.suse.com/show_bug.cgi?id=CVE-2024-58259

github.com/...ancher/security/advisories/GHSA-4h45-jpvh-6p5j

cve.org (CVE-2024-58259)

nvd.nist.gov (CVE-2024-58259)
