CVE-2025-23388 Common Vulnerabilities and Exposures

Upstream information

CVE-2025-23388 at MITRE

Description

A Stack-based Buffer Overflow vulnerability in SUSE rancher allows for denial of service.This issue affects rancher: from 2.8.0 before 2.8.13, from 2.9.0 before 2.9.7, from 2.10.0 before 2.10.3.

Upstream Security Advisories:

https://github.com/rancher/rancher/security/advisories/GHSA-xr9q-h9c7-xw8q

SUSE information

Overall state of this security issue: Resolved

This issue is currently rated as having important severity.

CVSS v3 Scores
	CNA (SUSE)
Base Score	8.2
Vector	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:H
Attack Vector	Network
Attack Complexity	Low
Privileges Required	None
User Interaction	None
Scope	Unchanged
Confidentiality Impact	None
Integrity Impact	Low
Availability Impact	High
CVSSv3 Version	3.1

SUSE Bugzilla entry: 1236668 [NEW]

SUSE Security Advisories:

GHSA-xr9q-h9c7-xw8q, published Thu Feb 27 18:56:15 CET 2025

List of released packages

Product(s)	Fixed package version(s)	References
openSUSE Tumbleweed	`govulncheck-vulndb >= 0.0.20250312T181707-1.1`	Patchnames: openSUSE-Tumbleweed-2025-14889

SUSE Timeline for this CVE

CVE page created: Fri Jan 31 12:45:09 2025
CVE page last modified: Fri Apr 11 18:02:33 2025