CVE-2024-58259

CWE-770Allocation without Limits5 documents4 sources
Severity
8.2HIGH
EPSS
0.0%
top 90.14%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Suse RancherGithub.com Rancher/rancher
Timeline
PublishedSep 2
Latest updateSep 8

Description

A vulnerability has been identified within Rancher Manager in which it did not enforce request body size limits on certain public (unauthenticated) and authenticated API endpoints. This allows a malicious user to exploit this by sending excessively large payloads, which are fully loaded into memory during processing, leading to Denial of Service (DoS).

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:HExploitability: 3.9 | Impact: 4.2

Affected Packages2 packages

CVEListV5suse/rancher2.12.02.12.1+4
Gogithub.com/rancher/rancher2.12.02.12.1+4

🔴Vulnerability Details

4
OSV
Rancher affected by unauthenticated Denial of Service in github.com/rancher/rancher2025-09-08
CVEList
Rancher affected by unauthenticated Denial of Service2025-09-02
OSV
Rancher affected by unauthenticated Denial of Service2025-08-29
GHSA
Rancher affected by unauthenticated Denial of Service2025-08-29
CVE-2024-58259 (HIGH CVSS 8.2) | A vulnerability has been identified | cvebase.io