CVE-2024-58259
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-02

Last updated on: 2025-09-02

Assigner: SUSE

Description
A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading toΒ Denial of Service (DoS).
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-02
Last Modified
2025-09-02
Generated
2026-06-16
AI Q&A
2025-09-02
EPSS Evaluated
2026-06-15
NVD
CVE-2024-58259
EUVD
EUVD-2024-54940
Affected Vendors & Products
Showing 8 associated CPEs
Vendor Product Version / Range
rancher rancher_manager 2.11.0
rancher rancher_manager 2.12.0
rancher rancher_manager 2.9.12
rancher rancher_manager 2.9.0
rancher rancher_manager 2.10.9
rancher rancher_manager 2.10.0
rancher rancher_manager 2.12.1
rancher rancher_manager 2.11.5
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-770 The product allocates a reusable resource or group of resources on behalf of an actor without imposing any intended restrictions on the size or number of resources that can be allocated.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

This vulnerability in Rancher Manager occurs because it does not enforce limits on the size of request bodies for certain public (unauthenticated) and authenticated API endpoints. An attacker can exploit this by sending very large payloads, which are fully loaded into memory during processing. This can exhaust server resources, causing the Rancher Manager process to crash or become unresponsive, resulting in a Denial of Service (DoS). [1]

Impact Analysis

The vulnerability can lead to a Denial of Service (DoS) condition on the Rancher Manager server. Because the server loads excessively large request bodies into memory without limits, an attacker can cause resource exhaustion, making the server crash or become unresponsive. This disrupts availability of the Rancher Manager services, potentially impacting operations that depend on it. [1]

Detection Guidance

Detection can involve monitoring for unusually large request bodies sent to Rancher Manager API endpoints, especially unauthenticated /v3-public/* endpoints and other authenticated APIs. Network traffic capture tools like tcpdump or Wireshark can be used to inspect request sizes. For example, using tcpdump to capture HTTP POST requests to Rancher Manager on port 80 or 443 and filtering for large payloads could help identify exploitation attempts. Specific commands might include: tcpdump -i <interface> -A 'tcp port 80 or 443 and (((ip[2:2] - ((ip[0]&0xf)<<2)) - ((tcp[12]&0xf0)>>2)) > 1048576)' to capture packets with payloads larger than 1 MiB. Additionally, reviewing Rancher Manager logs for errors or crashes related to memory exhaustion may indicate exploitation. [1]

Mitigation Strategies

Immediate mitigation steps include upgrading Rancher Manager to a patched version: 2.9.12, 2.10.9, 2.11.5, or 2.12.1 or later. If upgrading immediately is not possible, manually configure request body size limits on the ingress layer, for example by setting size limits in the nginx-ingress controller configuration to restrict request payloads to 1 MiB or less. This limits the ability of attackers to send excessively large payloads and helps prevent Denial of Service. Monitoring and alerting on unusual request sizes can also help mitigate impact. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2024-58259. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart