EUVD-2023-2541

🗓️ 03 Oct 2025 20:07:09Reported by EUVDType

Vulnerability in SUSE k3s allows denial of service via unlimited resource allocation on apiserver port.

Reporter	Title	Published	Views	Family All 16
AlpineLinux	CVE-2023-32187	18 Sep 202312:04	–	alpinelinux
Chainguard	CVE-2023-32187 vulnerabilities	18 Sep 202313:15	–	cgr
CNNVD	SUSE Rancher K3s Security Vulnerability	18 Sep 202300:00	–	cnnvd
CVE	CVE-2023-32187	18 Sep 202312:04	–	cve
Cvelist	CVE-2023-32187	18 Sep 202312:04	–	cvelist
Github Security Blog	K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack	11 Sep 202313:47	–	github
NVD	CVE-2023-32187	18 Sep 202313:15	–	nvd
OSV	CGA-326M-8F4M-788P	6 Jun 202412:21	–	osv
OSV	CGA-JWQ9-4GHJ-H3HH	29 Jan 202600:49	–	osv
OSV	CVE-2023-32187	18 Sep 202313:15	–	osv

[
  {
    "enisaIdVendor": [
      {
        "id": "33ecb75d-4b12-3ad6-a6d1-7c967a243c7f",
        "vendor": {
          "name": "SUSE"
        }
      }
    ],
    "enisaIdProduct": [
      {
        "id": "35470e71-f875-3ed6-b183-039d86b2e298",
        "product": {
          "name": "k3s"
        },
        "product_version": "v1.25.0 <v1.25.13+k3s1"
      },
      {
        "id": "8eb031da-1020-363f-abf1-ae45e4832905",
        "product": {
          "name": "k3s"
        },
        "product_version": "sev1.27.0 <v1.27.5+k3s1"
      },
      {
        "id": "cbd1ee2f-ab96-36bb-bd09-98ffc761d58e",
        "product": {
          "name": "k3s"
        },
        "product_version": "v1.24.0 <v1.24.17+k3s1"
      },
      {
        "id": "ef257b12-a098-331f-9b83-7df4b4b2dc93",
        "product": {
          "name": "k3s"
        },
        "product_version": "v1.26.0 <v1.26.8+k3s1"
      },
      {
        "id": "ff07d34d-6873-3539-a6c7-632e63c1ddaa",
        "product": {
          "name": "k3s"
        },
        "product_version": "v1.28.0 <v1.28.1+k3s1"
      }
    ]
  }
]

Source	Link
github	www.github.com/k3s-io/k3s/security/advisories/GHSA-m4hf-6vgr-75r2
nvd	www.nvd.nist.gov/vuln/detail/CVE-2023-32187
bugzilla	www.bugzilla.suse.com/show_bug.cgi
github	www.github.com/k3s-io/k3s
bugzilla	www.bugzilla.suse.com/show_bug.cgi

03 Oct 2025 20:07Current

7.4High risk

Vulners AI Score7.4

CVSS 3.17.5

EPSS0.0023

SSVC