K3s apiserver port is vulnerable to unauthenticated remote denial-of-service (DoS) attack via TLS SAN stuffing attack
Impact An issue was found in K3s where an attacker with network access to K3s servers' apiserver/supervisor port TCP 6443 can force the TLS server to add entries to the certificate's Subject Alternative Name SAN list, through a stuffing attack, until the certificate grows so large that it exceeds...