Primary

Context

SUSE Rancher Stack-Based Buffer Overflow Vulnerability Allowing Denial-of-Service

Vulnerability

Patched

A stack-based buffer overflow vulnerability has been identified in SUSE Rancher, specifically in versions 2.8.0 prior to 2.8.13, 2.9.0 prior to 2.9.7, and 2.10.0 prior to 2.10.3. This vulnerability allows for an unauthenticated denial-of-service condition, where the Rancher server crashes upon receiving certain data through the '/v3-public/authproviders' public API endpoint. Although the server crash occurs, no data is written to the API. Clusters managed by Rancher are not affected by this issue.

Impact

Exploitation of this vulnerability leads to a server crash, causing a denial-of-service condition on the Rancher server.

Remediation

Users are advised to upgrade to Rancher versions 2.8.13, 2.9.7, or 2.10.3, which include the necessary patch. Instructions for upgrading can be found in the Rancher documentation.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

5.0

impact

2.5

exploitability

8.1

remediation

7.7

relevance

0.0

threat

0.0

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SUSE Rancher Stack-Based Buffer Overflow Vulnerability Allowing Denial-of-Service

Vulnerability

Impact

Remediation

Affected Products

SUSE Rancher

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating