VDB

RHBA-2024%3A0599

RHBA-2024%3A0599 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatmta/mta-hub-rhel9@sha256:b57ab84961a2ca5e2c67ed4a58d6445698d2fd195290010a2f5adf5928ce9938_amd64 as a component of MTA 7.0 for RHEL 9
Red Hatmta/mta-windup-shim-rhel9@sha256:7ab7480cf40d5e71ab2b9c94f4f6e37d533209da317c70023bb82abe7216b498_amd64 as a component of MTA 7.0 for RHEL 9*, mta/mta-windup-shim-rhel9@sha256:7ab7480cf40d5e71ab2b9c94f4f6e37d533209da317c70023bb82abe7216b498_amd64, *
Red Hatmta/mta-analyzer-lsp-rhel9@sha256:5ecb233843ae369e5b7c1acae988e5a19bdc69f232df85abdfc37e921ca10e86_amd64 as a component of MTA 7.0 for RHEL 9mta/mta-analyzer-lsp-rhel9@sha256:5ecb233843ae369e5b7c1acae988e5a19bdc69f232df85abdfc37e921ca10e86_amd64, *, mta/mta-analyzer-lsp-rhel9@sha256:5ecb233843ae369e5b7c1acae988e5a19bdc69f232df85abdfc37e921ca10e86_amd64
Red Hatmta/mta-analyzer-lsp-rhel9@sha256:5ecb233843ae369e5b7c1acae988e5a19bdc69f232df85abdfc37e921ca10e86_amd64 as a component of MTA 7.0 for RHEL 9*, *, mta/mta-analyzer-lsp-rhel9@sha256:5ecb233843ae369e5b7c1acae988e5a19bdc69f232df85abdfc37e921ca10e86_amd64
Red Hatmta/mta-operator-bundle@sha256:323c8ff5f805ffbfdeef1e54208c9bf080564a8baf4b94acf9f4c98e85ebcb22_amd64 as a component of MTA 7.0 for RHEL 9*, mta/mta-operator-bundle@sha256:323c8ff5f805ffbfdeef1e54208c9bf080564a8baf4b94acf9f4c98e85ebcb22_amd64, *
Red Hatmta/mta-rhel8-operator@sha256:773b71296ffb507938983d8afe563a5a7bd822c940dd3717cec8410c348d86d8_amd64 as a component of MTA 7.0 for RHEL 8mta/mta-rhel8-operator@sha256:773b71296ffb507938983d8afe563a5a7bd822c940dd3717cec8410c348d86d8_amd64, mta/mta-rhel8-operator@sha256:773b71296ffb507938983d8afe563a5a7bd822c940dd3717cec8410c348d86d8_amd64, mta/mta-rhel8-operator@sha256:773b71296ffb507938983d8afe563a5a7bd822c940dd3717cec8410c348d86d8_amd64
Red Hatmta/mta-analyzer-addon-rhel9@sha256:cdd94053c042f512f13ccf28b58c66ad2da74edb2f309f7e065ccd55570e5423_amd64 as a component of MTA 7.0 for RHEL 9mta/mta-analyzer-addon-rhel9@sha256:cdd94053c042f512f13ccf28b58c66ad2da74edb2f309f7e065ccd55570e5423_amd64, mta/mta-analyzer-addon-rhel9@sha256:cdd94053c042f512f13ccf28b58c66ad2da74edb2f309f7e065ccd55570e5423_amd64, *
Red Hatmta/mta-operator-bundle@sha256:323c8ff5f805ffbfdeef1e54208c9bf080564a8baf4b94acf9f4c98e85ebcb22_amd64 as a component of MTA 7.0 for RHEL 9*, mta/mta-operator-bundle@sha256:323c8ff5f805ffbfdeef1e54208c9bf080564a8baf4b94acf9f4c98e85ebcb22_amd64, *
Red Hatmta/mta-windup-shim-rhel9@sha256:7ab7480cf40d5e71ab2b9c94f4f6e37d533209da317c70023bb82abe7216b498_amd64 as a component of MTA 7.0 for RHEL 9mta/mta-windup-shim-rhel9@sha256:7ab7480cf40d5e71ab2b9c94f4f6e37d533209da317c70023bb82abe7216b498_amd64, *, *
Red Hatmta/mta-analyzer-addon-rhel9@sha256:cdd94053c042f512f13ccf28b58c66ad2da74edb2f309f7e065ccd55570e5423_amd64 as a component of MTA 7.0 for RHEL 9*, *, *
Red Hatmta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64 as a component of MTA 7.0 for RHEL 9mta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64, mta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64, mta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64
Red Hatmta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64 as a component of MTA 7.0 for RHEL 9mta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64, mta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64, *
Red Hatmta/mta-hub-rhel9@sha256:b57ab84961a2ca5e2c67ed4a58d6445698d2fd195290010a2f5adf5928ce9938_amd64 as a component of MTA 7.0 for RHEL 9*, mta/mta-hub-rhel9@sha256:b57ab84961a2ca5e2c67ed4a58d6445698d2fd195290010a2f5adf5928ce9938_amd64, mta/mta-hub-rhel9@sha256:b57ab84961a2ca5e2c67ed4a58d6445698d2fd195290010a2f5adf5928ce9938_amd64
Red Hatmta/mta-rhel8-operator@sha256:773b71296ffb507938983d8afe563a5a7bd822c940dd3717cec8410c348d86d8_amd64 as a component of MTA 7.0 for RHEL 8*, *, mta/mta-rhel8-operator@sha256:773b71296ffb507938983d8afe563a5a7bd822c940dd3717cec8410c348d86d8_amd64
Red Hatmta/mta-hub-rhel9@sha256:b57ab84961a2ca5e2c67ed4a58d6445698d2fd195290010a2f5adf5928ce9938_amd64 as a component of MTA 7.0 for RHEL 9*, *, mta/mta-hub-rhel9@sha256:b57ab84961a2ca5e2c67ed4a58d6445698d2fd195290010a2f5adf5928ce9938_amd64
golang
Red Hatmta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64 as a component of MTA 7.0 for RHEL 9*, mta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64, mta/mta-cli-rhel9@sha256:394da54c8b6c523ac67ddb4643483d73c8f5d8246d480a4d326d07ae9ccd0d19_amd64
Red Hatmta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64 as a component of MTA 7.0 for RHEL 9mta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64, mta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64, mta/mta-ui-rhel9@sha256:74f0ab0f8f455ac4ae91e8450db2f7d3b2ce0fbccf51fea06d0444823cd32e9e_amd64

Timeline

  • Jan 30, 2024 CVE Published
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Jun 19, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›