PT-2023-14312 · Suse · Suse Rancher Wrangler
Guilherme Macedo · Published 2023-01-25 · Updated 2023-02-15 · CVE-2022-43756
CVSS v3.1: 7.5 (High)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Name of the Vulnerable Software and Affected Versions
SUSE Rancher wrangler versions 0.7.3 and prior versions
SUSE Rancher wrangler versions 0.8.4 and prior versions
SUSE Rancher wrangler versions 1.0.0 and prior versions
Description
A denial of service vulnerability exists in the Wrangler Git package. It allows remote attackers to cause a denial of service by supplying specially crafted Git credentials. The issue is caused by a lack of input validation of Git credentials before they are used, which may lead to a denial of service in some cases. It can be triggered when accessing both private and public Git repositories.
Recommendations
For SUSE Rancher wrangler versions 0.7.3 and prior versions, update to version 0.7.4-security1 or later.
For SUSE Rancher wrangler versions 0.8.4 and prior versions, update to version 0.8.5-security1 or later, or version 0.8.11 or later.
For SUSE Rancher wrangler versions 1.0.0 and prior versions, update to version 1.0.1 or later.
As a temporary workaround, consider sanitizing input passed to the Git package to remove potential unsafe and ambiguous characters.
Fix
Special Elements Injection
Affected Products
Suse Rancher Wrangler