VDB

RHSA-2023%3A0769

RHSA-2023%3A0769 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-cluster-network-operator@sha256:588ac55464f3db25117a8ed20a793ec3c76992aab7573c1c3fbaa9fc8c5d5b4f_ppc64le as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-cluster-network-operator@sha256:588ac55464f3db25117a8ed20a793ec3c76992aab7573c1c3fbaa9fc8c5d5b4f_ppc64le
Red Hatopenshift4/ose-csi-driver-manila-rhel8-operator@sha256:1ca0a575d371e8a1e5ed6f907063f204e14cfc340ded15d31858dc921608a2d8_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-csi-driver-manila-rhel8-operator@sha256:1ca0a575d371e8a1e5ed6f907063f204e14cfc340ded15d31858dc921608a2d8_amd64
Red Hatopenshift4/ose-hypershift-rhel8@sha256:5f9dd763425e75cfea871a0ff106b3eedf78e12b40d23624006df5cbd12659cc_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-hypershift-rhel8@sha256:5f9dd763425e75cfea871a0ff106b3eedf78e12b40d23624006df5cbd12659cc_s390x
Red Hatopenshift4/network-tools-rhel8@sha256:a8642b799958817ab8d71f152c44e1521510a1967ff4a50ea426d35e5db4a4a0_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/network-tools-rhel8@sha256:a8642b799958817ab8d71f152c44e1521510a1967ff4a50ea426d35e5db4a4a0_amd64
Red Hatopenshift4/ose-hypershift-rhel8@sha256:2c0de48d3b4b3bafa1bce456b60086e3cdf65c1f7f1e3ea46c2cf052201ff3de_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-hypershift-rhel8@sha256:2c0de48d3b4b3bafa1bce456b60086e3cdf65c1f7f1e3ea46c2cf052201ff3de_amd64
Red Hatopenshift4/ose-machine-config-operator@sha256:33b9e1b6e5c77f3e083119aa70ed79556540eb896e3b1f4f07792f213e06286a_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-machine-config-operator@sha256:33b9e1b6e5c77f3e083119aa70ed79556540eb896e3b1f4f07792f213e06286a_amd64
Red Hatopenshift4/ose-machine-api-provider-openstack-rhel8@sha256:df8b87b869bbb65088edc7206dbee60db464a66eb67063dd62718b67a7a0e143_arm64 as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-tests@sha256:9b8c78ff47a24fa7028c495094defef1439867071f0828c4f32e5c0d9f4b7511_arm64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-tests@sha256:9b8c78ff47a24fa7028c495094defef1439867071f0828c4f32e5c0d9f4b7511_arm64
Red Hatopenshift4/ose-machine-api-provider-openstack-rhel8@sha256:d07da0829c513f23fb19e731b7d3885c7a199003e026d0a921ddc5acc16e5bd0_ppc64le as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-machine-api-provider-openstack-rhel8@sha256:d07da0829c513f23fb19e731b7d3885c7a199003e026d0a921ddc5acc16e5bd0_ppc64le
Red Hatopenshift4/ose-csi-driver-manila-rhel8-operator@sha256:a9779ba505bfd7075fd0ca4a7317e72806d21b70cb83112572750d67aef1c2e0_ppc64le as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-csi-driver-manila-rhel8-operator@sha256:a9779ba505bfd7075fd0ca4a7317e72806d21b70cb83112572750d67aef1c2e0_ppc64le
Red Hatopenshift4/ose-hypershift-rhel8@sha256:38d60e7ca124f74a61179c68f46f9adde20ee785bfaf531043fc8c642b8995ec_arm64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-hypershift-rhel8@sha256:38d60e7ca124f74a61179c68f46f9adde20ee785bfaf531043fc8c642b8995ec_arm64
Red Hatopenshift4/ose-ovn-kubernetes@sha256:c101097695848c91c6cd262c285f2bcaf7cd3e2c00c7f5fee7611cb4d2c63a39_arm64 as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-installer-artifacts@sha256:45d2bbd6d99d2fcbba28efaf63583779db1762449a3d8fc8356f99321c187931_arm64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-installer-artifacts@sha256:45d2bbd6d99d2fcbba28efaf63583779db1762449a3d8fc8356f99321c187931_arm64
Red Hatopenshift4/ose-sdn-rhel8@sha256:1e54ac8b8ddd12e9ba23d0ca8a68aac7b2b23f55032ec84c31af81fb8cfae3f2_s390x as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-tests@sha256:217c543cbc2e5db80024697f15041a1a4f1cdf078d702d67ddace16f154e6017_s390x as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-tests@sha256:217c543cbc2e5db80024697f15041a1a4f1cdf078d702d67ddace16f154e6017_s390x
Red Hatopenshift4/ose-machine-os-images-rhel8@sha256:90173de5e4060e575239c0069579ff04727577c2a6b57cd1ce2b80a0755aff7a_ppc64le as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-machine-os-images-rhel8@sha256:90173de5e4060e575239c0069579ff04727577c2a6b57cd1ce2b80a0755aff7a_ppc64le
Red Hatopenshift4/ose-machine-os-images-rhel8@sha256:2efb8fda6fa1a7900187dc2ac54aecbc39f3be455f6e773e9eb9b7ace75bb52f_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-machine-os-images-rhel8@sha256:2efb8fda6fa1a7900187dc2ac54aecbc39f3be455f6e773e9eb9b7ace75bb52f_amd64
Red Hatopenshift4/ose-tests@sha256:67e1b3cd0b3f677be60cb13179246c92f06827ac636050962b1292fdd14a01e5_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-tests@sha256:67e1b3cd0b3f677be60cb13179246c92f06827ac636050962b1292fdd14a01e5_amd64
Red Hatopenshift4/ose-csi-driver-manila-rhel8-operator@sha256:1ca0a575d371e8a1e5ed6f907063f204e14cfc340ded15d31858dc921608a2d8_amd64 as a component of Red Hat OpenShift Container Platform 4.12*
Red Hatopenshift4/ose-kube-proxy@sha256:c319347b053ef3e4b92eded60480d7325512b0aec9ac5e10baffd9e2cb4b7da0_amd64 as a component of Red Hat OpenShift Container Platform 4.12openshift4/ose-kube-proxy@sha256:c319347b053ef3e4b92eded60480d7325512b0aec9ac5e10baffd9e2cb4b7da0_amd64

…and 124 more

Timeline

  • Feb 20, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›