VDB
RHSA-2023%3A4603
RHSA-2023%3A4603
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:1429a811ccf69ea7c900fc51f5ec4f3d27d08dd60926c62f927291408aae291d_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/driver-toolkit-rhel9@sha256:1429a811ccf69ea7c900fc51f5ec4f3d27d08dd60926c62f927291408aae291d_ppc64le, openshift4/driver-toolkit-rhel9@sha256:1429a811ccf69ea7c900fc51f5ec4f3d27d08dd60926c62f927291408aae291d_ppc64le, openshift4/driver-toolkit-rhel9@sha256:1429a811ccf69ea7c900fc51f5ec4f3d27d08dd60926c62f927291408aae291d_ppc64le |
| Red Hat | openshift4/ose-ironic-agent-rhel9@sha256:e1df91dd54794619d000e01244f198fb8232638fc2f6a5a91cc8649ade925d6b_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ironic-agent-rhel9@sha256:e1df91dd54794619d000e01244f198fb8232638fc2f6a5a91cc8649ade925d6b_arm64, openshift4/ose-ironic-agent-rhel9@sha256:e1df91dd54794619d000e01244f198fb8232638fc2f6a5a91cc8649ade925d6b_arm64, openshift4/ose-ironic-agent-rhel9@sha256:e1df91dd54794619d000e01244f198fb8232638fc2f6a5a91cc8649ade925d6b_arm64 |
| Red Hat | openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:ef5261ada62933d3f0a882b66df758e50a91c872df08f466cc980325f86d15dc_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:ef5261ada62933d3f0a882b66df758e50a91c872df08f466cc980325f86d15dc_s390x, openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:ef5261ada62933d3f0a882b66df758e50a91c872df08f466cc980325f86d15dc_s390x, openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:ef5261ada62933d3f0a882b66df758e50a91c872df08f466cc980325f86d15dc_s390x |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:bbb170e48cc0b86b39bbca81d6a1a44c42b7e28d1475550f5e316d514b99038a_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/driver-toolkit-rhel9@sha256:bbb170e48cc0b86b39bbca81d6a1a44c42b7e28d1475550f5e316d514b99038a_s390x |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:4b84a9489275cd767349ff95cc0b8b5ade73bef626dea8b941b0cea8bbb5ac96_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovn-kubernetes@sha256:4b84a9489275cd767349ff95cc0b8b5ade73bef626dea8b941b0cea8bbb5ac96_amd64, openshift4/ose-ovn-kubernetes@sha256:4b84a9489275cd767349ff95cc0b8b5ade73bef626dea8b941b0cea8bbb5ac96_amd64, * |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:fa7fe8574dc03b35a7598b361a2de67c8aeabbd4ed32ba82f08a6cbecf5585f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-cluster-ingress-operator@sha256:fa7fe8574dc03b35a7598b361a2de67c8aeabbd4ed32ba82f08a6cbecf5585f5_ppc64le, openshift4/ose-cluster-ingress-operator@sha256:fa7fe8574dc03b35a7598b361a2de67c8aeabbd4ed32ba82f08a6cbecf5585f5_ppc64le |
| Red Hat | openshift4/ose-hyperkube@sha256:5cad049b6d9cdd261d7449378cdbc57bc8cecc49fb036e7e745d886cbac94ad3_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-hyperkube@sha256:5cad049b6d9cdd261d7449378cdbc57bc8cecc49fb036e7e745d886cbac94ad3_s390x |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:228704df1acd33ab144b488d4bb0560f60dd4ea082d4e47bb685559f0b7da028_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:c1bb97e1b22bb78dcd682f952859b8279824d862cc318361b43929cc5a8ca30e_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-ovn-kubernetes@sha256:c1bb97e1b22bb78dcd682f952859b8279824d862cc318361b43929cc5a8ca30e_arm64 |
| Red Hat | openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8@sha256:71115d4b27dab927bf42629fae92a98625270ce63be1308c515957ee5c992a1d_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8@sha256:71115d4b27dab927bf42629fae92a98625270ce63be1308c515957ee5c992a1d_amd64, openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8@sha256:71115d4b27dab927bf42629fae92a98625270ce63be1308c515957ee5c992a1d_amd64, openshift4/ose-alibaba-disk-csi-driver-operator-container-rhel8@sha256:71115d4b27dab927bf42629fae92a98625270ce63be1308c515957ee5c992a1d_amd64 |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:6693c41e1ca6772ea01a4d1d1917011deeab2bc95eeda2db95a7667164dce4c2_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovn-kubernetes@sha256:6693c41e1ca6772ea01a4d1d1917011deeab2bc95eeda2db95a7667164dce4c2_s390x, openshift4/ose-ovn-kubernetes@sha256:6693c41e1ca6772ea01a4d1d1917011deeab2bc95eeda2db95a7667164dce4c2_s390x, openshift4/ose-ovn-kubernetes@sha256:6693c41e1ca6772ea01a4d1d1917011deeab2bc95eeda2db95a7667164dce4c2_s390x |
| Red Hat | openshift4/ose-machine-config-operator@sha256:eba22f67551d60674a8c9550b9284f2a0540b2a69f5e3c12b7cb2d943684b2a3_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-machine-config-operator@sha256:eba22f67551d60674a8c9550b9284f2a0540b2a69f5e3c12b7cb2d943684b2a3_amd64, * |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:fa7fe8574dc03b35a7598b361a2de67c8aeabbd4ed32ba82f08a6cbecf5585f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-ingress-operator@sha256:fa7fe8574dc03b35a7598b361a2de67c8aeabbd4ed32ba82f08a6cbecf5585f5_ppc64le, *, * |
| Red Hat | openshift4/ose-cluster-config-operator@sha256:eca8ff8183d8a51881d0341feea30db34e76b9c22099b8fe6b1942678c3d5f25_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-config-operator@sha256:eca8ff8183d8a51881d0341feea30db34e76b9c22099b8fe6b1942678c3d5f25_s390x, openshift4/ose-cluster-config-operator@sha256:eca8ff8183d8a51881d0341feea30db34e76b9c22099b8fe6b1942678c3d5f25_s390x, openshift4/ose-cluster-config-operator@sha256:eca8ff8183d8a51881d0341feea30db34e76b9c22099b8fe6b1942678c3d5f25_s390x |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:70a9fb28fa594cac7529ad506e066168d9560a5bcd06e7e8af76b368063380b2_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-ingress-operator@sha256:70a9fb28fa594cac7529ad506e066168d9560a5bcd06e7e8af76b368063380b2_arm64, openshift4/ose-cluster-ingress-operator@sha256:70a9fb28fa594cac7529ad506e066168d9560a5bcd06e7e8af76b368063380b2_arm64, openshift4/ose-cluster-ingress-operator@sha256:70a9fb28fa594cac7529ad506e066168d9560a5bcd06e7e8af76b368063380b2_arm64 |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:e3d1335f73cdf23e92c8f29e6f52a4f2339c33cd17b904d9e180abb63730cf59_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:e3d1335f73cdf23e92c8f29e6f52a4f2339c33cd17b904d9e180abb63730cf59_arm64, openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:e3d1335f73cdf23e92c8f29e6f52a4f2339c33cd17b904d9e180abb63730cf59_arm64, openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:e3d1335f73cdf23e92c8f29e6f52a4f2339c33cd17b904d9e180abb63730cf59_arm64 |
| Red Hat | openshift4/ose-cluster-config-operator@sha256:8e75e1137ca5e1cee5d8204917159e6a11f2cf22eb9f138f7665fa9ca1732471_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-config-operator@sha256:8e75e1137ca5e1cee5d8204917159e6a11f2cf22eb9f138f7665fa9ca1732471_arm64, openshift4/ose-cluster-config-operator@sha256:8e75e1137ca5e1cee5d8204917159e6a11f2cf22eb9f138f7665fa9ca1732471_arm64, openshift4/ose-cluster-config-operator@sha256:8e75e1137ca5e1cee5d8204917159e6a11f2cf22eb9f138f7665fa9ca1732471_arm64 |
| Red Hat | openshift4/ose-machine-os-images-rhel8@sha256:16fde40b0b1c46a03f11483a913e2c6207406ad37d95dfe0f5854020f4871827_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-machine-os-images-rhel8@sha256:16fde40b0b1c46a03f11483a913e2c6207406ad37d95dfe0f5854020f4871827_ppc64le, openshift4/ose-machine-os-images-rhel8@sha256:16fde40b0b1c46a03f11483a913e2c6207406ad37d95dfe0f5854020f4871827_ppc64le, openshift4/ose-machine-os-images-rhel8@sha256:16fde40b0b1c46a03f11483a913e2c6207406ad37d95dfe0f5854020f4871827_ppc64le |
| Red Hat | openshift4/ose-baremetal-rhel8-operator@sha256:c6ba0ef96f6d46f840abd7dfa07bfe482a512ee445ff834b0025c817b7135b39_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-baremetal-rhel8-operator@sha256:c6ba0ef96f6d46f840abd7dfa07bfe482a512ee445ff834b0025c817b7135b39_arm64, * |
| Red Hat | openshift4/ose-ironic-rhel9@sha256:6d7f2714695ffdeec935ef56e560511dc02e979899758ccff10c275ddae56036_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-ironic-rhel9@sha256:6d7f2714695ffdeec935ef56e560511dc02e979899758ccff10c275ddae56036_amd64, openshift4/ose-ironic-rhel9@sha256:6d7f2714695ffdeec935ef56e560511dc02e979899758ccff10c275ddae56036_amd64 |
…and 163 more
Exploit Intelligence
- .trivyignore.yaml (github-poc)
- .trivyignore.yml (github-poc)
- cve_db.json (github-poc)
Timeline
- Aug 16, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 20, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:4603 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358 issue
- https://issues.redhat.com/browse/OCPBUGS-13175 advisory
- https://issues.redhat.com/browse/OCPBUGS-13941 advisory
- https://issues.redhat.com/browse/OCPBUGS-15890 advisory
- https://issues.redhat.com/browse/OCPBUGS-15956 advisory
- https://issues.redhat.com/browse/OCPBUGS-16040 advisory
- https://issues.redhat.com/browse/OCPBUGS-16398 advisory
- https://issues.redhat.com/browse/OCPBUGS-16659 advisory
- https://issues.redhat.com/browse/OCPBUGS-17104 advisory
- https://issues.redhat.com/browse/OCPBUGS-17229 advisory
- https://issues.redhat.com/browse/OCPBUGS-17430 advisory
- https://issues.redhat.com/browse/OCPBUGS-5473 advisory
- https://issues.redhat.com/browse/OCPBUGS-9268 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_4603.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41723 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41723 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41723 advisory
- https://github.com/advisories/GHSA-vvpx-j8f3-3w6h advisory
…and 6 more