VDB

RHSA-2023%3A0931

RHSA-2023%3A0931 PUBLISHED CVSS 5.300000190734863 MEDIUM

A flaw was found in the net/http library of the golang package. This flaw allows an attacker to cause excessive memory growth in a Go server accepting HTTP/2 requests. HTTP/2 server connections contain a cache of HTTP header keys sent by the client. While the total number of entries in this cache is capped, an attacker sending very large keys can cause the server to allocate approximately 64 MiB per open connection.

Risk Scores

CVSS 3.1
5.300000190734863
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Affected Products

VendorProductVersions
Red Hatopenshift-logging/opa-openshift-rhel8@sha256:82a26a71a6b384cbd8adf6186a3b2206623e22a7d33c1f3167f986ac9d916db6_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/opa-openshift-rhel8@sha256:82a26a71a6b384cbd8adf6186a3b2206623e22a7d33c1f3167f986ac9d916db6_amd64
Red Hatopenshift-logging/kibana6-rhel8@sha256:c0b4072faad5afe90383b2a3d29a97579d69875ce5e6e2ea02d4cf900a05d9c8_s390x as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307_amd64
Red Hatopenshift-logging/eventrouter-rhel8@sha256:64303daef8972539e596feccfb1fdd186e350083adcab0818b688217ad8d7a44_s390x as a component of RHOL 5.4 for RHEL 8openshift-logging/eventrouter-rhel8@sha256:64303daef8972539e596feccfb1fdd186e350083adcab0818b688217ad8d7a44_s390x
Red Hatopenshift-logging/lokistack-gateway-rhel8@sha256:968cf7bddb72ebcf5d34d0be94c6e9c06ea3b24adc8ee714d9eae72afe0ccceb_ppc64le as a component of RHOL 5.4 for RHEL 8openshift-logging/lokistack-gateway-rhel8@sha256:968cf7bddb72ebcf5d34d0be94c6e9c06ea3b24adc8ee714d9eae72afe0ccceb_ppc64le
Red Hatopenshift-logging/logging-loki-rhel8@sha256:dbe59a42235378fb3acdcfd920f527bf9dde3bceee12679983d9a8c672d3086b_ppc64le as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/loki-rhel8-operator@sha256:8b28ce44f52ceb5a685d1a3a4318f28747b51fe97be760b14f67ad8a67037c9b_amd64 as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:71d1a448a50a62831512fb80d803ad8134571af56595d545934e1d0dade4bfd2_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/logging-curator5-rhel8@sha256:71d1a448a50a62831512fb80d803ad8134571af56595d545934e1d0dade4bfd2_amd64
Red Hatopenshift-logging/kibana6-rhel8@sha256:d0adfb36cee7c3b1881461797dcf20c45cd7c961a98cab25da17cf79b1254183_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/kibana6-rhel8@sha256:d0adfb36cee7c3b1881461797dcf20c45cd7c961a98cab25da17cf79b1254183_amd64
Red Hatopenshift-logging/lokistack-gateway-rhel8@sha256:addc0296dbf47afb5cb6c2e23687ed22f767861ce8c48fabda5c0d3ed61474e7_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/lokistack-gateway-rhel8@sha256:addc0296dbf47afb5cb6c2e23687ed22f767861ce8c48fabda5c0d3ed61474e7_amd64
Red Hatopenshift-logging/logging-curator5-rhel8@sha256:b2519f1258c8dcfc1e843f5c19dee7c2e7ba96dbfca172387e66d21724235d35_s390x as a component of RHOL 5.4 for RHEL 8openshift-logging/logging-curator5-rhel8@sha256:b2519f1258c8dcfc1e843f5c19dee7c2e7ba96dbfca172387e66d21724235d35_s390x
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:6b7d01c21ab3829e39ad2feb1d7f00557dc2b5445b3db0dd2efc240456f53307_amd64 as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/logging-loki-rhel8@sha256:2b62a606e6abce2601fead1d9af312f661424f2009ec466919f5c724ae6b31c9_amd64 as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/vector-rhel8@sha256:b68a233e71b7b5b554718d097b66367a437a1373f18225379a30aabc043bb5aa_ppc64le as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:812450e04a798d5d3cc1af2e09cc8a46adda76a3424f1cc43655f5c7ef00ede4_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/log-file-metric-exporter-rhel8@sha256:812450e04a798d5d3cc1af2e09cc8a46adda76a3424f1cc43655f5c7ef00ede4_amd64
Red Hatopenshift-logging/loki-operator-bundle@sha256:154c903aec585af0d3ba39858cc92c610df9ec4e3801cb983dcb9e2d94fccc91_amd64 as a component of RHOL 5.4 for RHEL 8openshift-logging/loki-operator-bundle@sha256:154c903aec585af0d3ba39858cc92c610df9ec4e3801cb983dcb9e2d94fccc91_amd64
Red Hatopenshift-logging/elasticsearch-rhel8-operator@sha256:2f125868f2726592f422a57d51e7cf976ea9bf9610ea02ae0271c0a2cde0e7f5_arm64 as a component of RHOL 5.4 for RHEL 8openshift-logging/elasticsearch-rhel8-operator@sha256:2f125868f2726592f422a57d51e7cf976ea9bf9610ea02ae0271c0a2cde0e7f5_arm64
Red Hatopenshift-logging/kibana6-rhel8@sha256:9fa0aee38d99df9da31e725141c25a32a2ceb7ae8777fe0247a477bdae22e2c2_ppc64le as a component of RHOL 5.4 for RHEL 8openshift-logging/kibana6-rhel8@sha256:9fa0aee38d99df9da31e725141c25a32a2ceb7ae8777fe0247a477bdae22e2c2_ppc64le
Red Hatopenshift-logging/log-file-metric-exporter-rhel8@sha256:31863084d97df4186b8d28a7cace89b7eece7287f60c2a41b587c1f155342c21_ppc64le as a component of RHOL 5.4 for RHEL 8*
Red Hatopenshift-logging/vector-rhel8@sha256:ccd4d0f15754c251ca089157c06d41864021a1c9f2270a05c2483851b0f13a39_arm64 as a component of RHOL 5.4 for RHEL 8openshift-logging/vector-rhel8@sha256:ccd4d0f15754c251ca089157c06d41864021a1c9f2270a05c2483851b0f13a39_arm64

…and 98 more

Timeline

  • Mar 8, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›