CVE-2024-58259
BaseFortify
Publication date: 2025-09-02
Last updated on: 2025-09-02
Assigner: SUSE
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| rancher | rancher_manager | 2.11.0 |
| rancher | rancher_manager | 2.12.0 |
| rancher | rancher_manager | 2.9.12 |
| rancher | rancher_manager | 2.9.0 |
| rancher | rancher_manager | 2.10.9 |
| rancher | rancher_manager | 2.10.0 |
| rancher | rancher_manager | 2.12.1 |
| rancher | rancher_manager | 2.11.5 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-770 | The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in Rancher Manager occurs because it does not enforce limits on the size of request bodies for certain public (unauthenticated) and authenticated API endpoints. An attacker can exploit this by sending very large payloads, which are fully loaded into memory during processing. This can exhaust server resources, causing the Rancher Manager process to crash or become unresponsive, resulting in a Denial of Service (DoS). [1]
How can this vulnerability impact me?
The vulnerability can lead to a Denial of Service (DoS) condition on the Rancher Manager server. Because the server loads excessively large request bodies into memory without limits, an attacker can cause resource exhaustion, making the server crash or become unresponsive. This disrupts availability of the Rancher Manager services, potentially impacting operations that depend on it. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection can involve monitoring for unusually large request bodies sent to Rancher Manager API endpoints, especially the unauthenticated /v3-public/* endpoints and other authenticated APIs. Network traffic capture tools such as tcpdump or Wireshark can be used to inspect request sizes. For example, using tcpdump to capture HTTP POST requests to Rancher Manager on port 80 or 443 and filtering for large payloads could help identify exploitation attempts. Specific commands might include: tcpdump -i <interface> -A 'tcp port 80 or 443 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) > 1048576)' to capture packets with payloads larger than 1 MiB. Note that this BPF expression tests the TCP payload length of each individual packet, so it cannot see the total size of a body spread across many packets, and it cannot inspect payloads carried inside TLS on port 443; size checks at the ingress or proxy layer, where the full request body is visible, are more reliable. Additionally, reviewing Rancher Manager logs for errors or crashes related to memory exhaustion may indicate exploitation. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading Rancher Manager to a patched release: 2.9.12, 2.10.9, 2.11.5, or 2.12.1, or a later release of the same line. If upgrading immediately is not possible, manually configure request body size limits on the ingress layer, for example by setting size limits in the nginx-ingress controller configuration to restrict request payloads to 1 MiB or less. This limits the ability of attackers to send excessively large payloads and helps prevent Denial of Service. Monitoring and alerting on unusual request sizes can also help mitigate impact. [1]
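As an added illustration of the weakness class and its fix (constructed example code, not Rancher's or SUSE's; the handlers and the placeholder path under /v3-public/ are assumptions), the unbounded body read the advisory describes beside a bounded form that uses Go's http.MaxBytesReader with the 1 MiB figure from the mitigation above:

```go
package main

import (
	"errors"
	"fmt"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBody is the 1 MiB cap the advisory's mitigation suggests.
const maxBody = 1 << 20

// unboundedHandler shows the CWE-770 pattern the advisory describes:
// the whole body is buffered in memory, however large the client makes it.
func unboundedHandler(w http.ResponseWriter, r *http.Request) {
	body, _ := io.ReadAll(r.Body) // allocation size is attacker-controlled
	fmt.Fprintf(w, "accepted %d bytes", len(body))
}

// boundedHandler wraps the body in http.MaxBytesReader: at most maxBody+1
// bytes are read, and an oversized payload yields 413 (needs Go 1.19+).
func boundedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBody)
	body, err := io.ReadAll(r.Body)
	var tooLarge *http.MaxBytesError
	if errors.As(err, &tooLarge) {
		http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
		return
	} else if err != nil {
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	fmt.Fprintf(w, "accepted %d bytes", len(body))
}

// post sends an n-byte POST to h via httptest (no socket) and returns the
// status code; the path is a placeholder under the advisory's /v3-public/.
func post(h http.HandlerFunc, n int) int {
	req := httptest.NewRequest(http.MethodPost, "/v3-public/placeholder", strings.NewReader(strings.Repeat("A", n)))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}

func main() {
	fmt.Println(post(unboundedHandler, 2*maxBody), post(boundedHandler, maxBody), post(boundedHandler, maxBody+1)) // 200 200 413
}
```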