VDB

RHBA-2023%3A6863

RHBA-2023%3A6863 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatlvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64 as a component of LVMS 4.14 for RHEL 9lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64, lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64, lvms4/lvms-must-gather-rhel9@sha256:e21c0af48138064f6904e2fb459b76239c9f3e1dffddac5dfc55e0f38eea5559_amd64
Red Hatlvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le as a component of LVMS 4.14 for RHEL 9lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le, lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le, lvms4/lvms-must-gather-rhel9@sha256:bfaee17835e1411c3e916e992a510641d2ddaaa2a4a85243b6f27fec541eae3a_ppc64le
Red Hatlvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le as a component of LVMS 4.14 for RHEL 9lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le, *, lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le
golangnet/http
Red Hatlvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64 as a component of LVMS 4.14 for RHEL 9*, lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64, lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64
Red Hatlvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64 as a component of LVMS 4.14 for RHEL 9*, lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64, lvms4/lvms-operator-bundle@sha256:b67d52a00937fb779cc98c18c1d8d21797363b19b6f4da04c1df0508698ac7cd_amd64
Red Hatlvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64 as a component of LVMS 4.14 for RHEL 9lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64, lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64, *
Red Hatlvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x as a component of LVMS 4.14 for RHEL 9lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x, lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x, lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x
Red Hatlvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le as a component of LVMS 4.14 for RHEL 9lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le, lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le, lvms4/topolvm-rhel9@sha256:edb27e93b14212d79c959a1a325310d31496f53fac846049393f25ea18ec1349_ppc64le
Red Hatlvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64 as a component of LVMS 4.14 for RHEL 9lvms4/topolvm-rhel9@sha256:e97314d049510baa9d1021ac848f0826be1310cc870e6bd57aa3ef41cf8a0cc4_amd64, *, *
Red Hatlvms4/topolvm-rhel9@sha256:0897e589f2dd003f58e09ce1fef3288cc3f682a24096f0991b3dfdd217ff5c34_arm64 as a component of LVMS 4.14 for RHEL 9*, *, *
Red Hatlvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x as a component of LVMS 4.14 for RHEL 9*, *, lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x
Red Hatlvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x as a component of LVMS 4.14 for RHEL 9lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x, *, lvms4/topolvm-rhel9@sha256:cd9546b5a46c6e36327a972f26938d8cdc734649d61ed02648eed33dd29d9633_s390x
Red Hatlvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x as a component of LVMS 4.14 for RHEL 9*, lvms4/lvms-operator-bundle@sha256:8f9e651d7cbfd546991f05a5e05ac8331fbd5ec676f227e12bb13f2f4fd670d3_s390x, *
Red Hatlvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le as a component of LVMS 4.14 for RHEL 9lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le, *, lvms4/lvms-rhel9-operator@sha256:9c47279574868a772f7d14d9de8da670df5101287a5486347b9bd00586e78c17_ppc64le
Red Hatlvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le as a component of LVMS 4.14 for RHEL 9lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le, lvms4/lvms-operator-bundle@sha256:c683e4da500bbb8753b184e43377bf7525fb6ffb20750a6695973025d3bce221_ppc64le, *
Red Hatlvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x as a component of LVMS 4.14 for RHEL 9lvms4/lvms-must-gather-rhel9@sha256:3abc7f735860ae910e9fcd5d1e419af66911ebd6a502ad85c2e2753536749cdb_s390x, *, *
Red Hatlvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64 as a component of LVMS 4.14 for RHEL 9lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64, lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64, lvms4/lvms-must-gather-rhel9@sha256:a83ab3e4e4174243bba1fbe96052ec8a5f0c4c5f74d8ecb04f5647796736f348_arm64
golanggo
Red Hatlvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64 as a component of LVMS 4.14 for RHEL 9lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64, lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64, lvms4/lvms-rhel9-operator@sha256:a3cdbde1cbc51deb706c99935de6737bda7ef1b4f54fc3ba59a18696285c9a6c_amd64

…and 14 more

Timeline

  • Nov 9, 2023 CVE Published
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jun 19, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›