VDB
RHSA-2023%3A4731
RHSA-2023%3A4731
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:d5bb67ed7d79610c0664b8e3fe89c16e7c97e51a8b999722ad918c4cc7442bfb_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-csi-livenessprobe@sha256:d5bb67ed7d79610c0664b8e3fe89c16e7c97e51a8b999722ad918c4cc7442bfb_ppc64le, *, openshift4/ose-csi-livenessprobe@sha256:d5bb67ed7d79610c0664b8e3fe89c16e7c97e51a8b999722ad918c4cc7442bfb_ppc64le |
| Red Hat | openshift4/ose-prom-label-proxy@sha256:0567a88b0a2a79a18891f4ea4a4e0f3d5bc300c8b39358c1cbc6adf7dd05451e_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-prom-label-proxy@sha256:0567a88b0a2a79a18891f4ea4a4e0f3d5bc300c8b39358c1cbc6adf7dd05451e_s390x, * |
| Red Hat | openshift4/ose-aws-ebs-csi-driver-rhel8@sha256:d772c0e8f1d7ad1028a98d49f0cb8ad8f36c39c575d6865ebe0018d2a6894df8_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-aws-ebs-csi-driver-rhel8@sha256:d772c0e8f1d7ad1028a98d49f0cb8ad8f36c39c575d6865ebe0018d2a6894df8_arm64 |
| Red Hat | openshift4/ose-operator-registry@sha256:bd2c10b487b07d2fdcb46797f1a7e1fd45d351060064c23febe392af0c2f8761_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-operator-registry@sha256:bd2c10b487b07d2fdcb46797f1a7e1fd45d351060064c23febe392af0c2f8761_ppc64le, * |
| Red Hat | openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:b9f3e212c0a36de51c4689fc3ccd8a4138884e9d1529b00b5a75deaeb4a4b401_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:b9f3e212c0a36de51c4689fc3ccd8a4138884e9d1529b00b5a75deaeb4a4b401_amd64, openshift4/ose-gcp-pd-csi-driver-operator-rhel8@sha256:b9f3e212c0a36de51c4689fc3ccd8a4138884e9d1529b00b5a75deaeb4a4b401_amd64, * |
| Red Hat | openshift4/ose-operator-marketplace@sha256:fa771a77e9081430da80a94441df8434a47e5936ccd8e97ae5faaf733d9ad61a_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-operator-marketplace@sha256:fa771a77e9081430da80a94441df8434a47e5936ccd8e97ae5faaf733d9ad61a_arm64 |
| Red Hat | openshift4/ose-csi-external-provisioner@sha256:ffc325a40da20f03badb7795ba648b417100d72a93196a1aa905c38999811457_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-csi-external-provisioner@sha256:ffc325a40da20f03badb7795ba648b417100d72a93196a1aa905c38999811457_ppc64le, *, * |
| Red Hat | openshift4/ose-cluster-api-rhel8@sha256:b8d62c6926fae0005c0cd2a4929e4f99fa530e3813f8830bb01df33d07108c77_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-csi-driver-shared-resource-webhook-rhel8@sha256:30661639a9cb7038ff1c4fbf2eade62efce093ab41adee5ac7727990177aa0fe_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-prometheus-config-reloader@sha256:58aba53445a3496042afe24da2f204ecb8f958eca2f89a7c91eceac915d50fda_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-prometheus-config-reloader@sha256:58aba53445a3496042afe24da2f204ecb8f958eca2f89a7c91eceac915d50fda_arm64, openshift4/ose-prometheus-config-reloader@sha256:58aba53445a3496042afe24da2f204ecb8f958eca2f89a7c91eceac915d50fda_arm64, openshift4/ose-prometheus-config-reloader@sha256:58aba53445a3496042afe24da2f204ecb8f958eca2f89a7c91eceac915d50fda_arm64 |
| Red Hat | openshift4/ose-must-gather@sha256:01280924559b067b8c2a45ac2e1f6ed8ccc058ed7b9d5167388dd6994ec4e699_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-must-gather@sha256:01280924559b067b8c2a45ac2e1f6ed8ccc058ed7b9d5167388dd6994ec4e699_s390x, openshift4/ose-must-gather@sha256:01280924559b067b8c2a45ac2e1f6ed8ccc058ed7b9d5167388dd6994ec4e699_s390x, openshift4/ose-must-gather@sha256:01280924559b067b8c2a45ac2e1f6ed8ccc058ed7b9d5167388dd6994ec4e699_s390x |
| Red Hat | openshift4/ose-csi-livenessprobe-rhel8@sha256:1696e6667814802633f3bec412e1d77945cb352bdb748e3178b875e322c5bc7b_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-csi-livenessprobe-rhel8@sha256:1696e6667814802633f3bec412e1d77945cb352bdb748e3178b875e322c5bc7b_arm64, * |
| Red Hat | openshift4/ose-cluster-bootstrap@sha256:aa6850152cb9d718e8f695f93b0990b93d71bc2a2956ea1ce02084224ca0d711_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-cluster-bootstrap@sha256:aa6850152cb9d718e8f695f93b0990b93d71bc2a2956ea1ce02084224ca0d711_s390x |
| Red Hat | openshift4/ose-agent-installer-api-server-rhel8@sha256:b8b04b73de8f0a43751acf4bcd456cde9023b1f300a62d0fe56110f093c2b8bf_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-agent-installer-api-server-rhel8@sha256:b8b04b73de8f0a43751acf4bcd456cde9023b1f300a62d0fe56110f093c2b8bf_s390x, openshift4/ose-agent-installer-api-server-rhel8@sha256:b8b04b73de8f0a43751acf4bcd456cde9023b1f300a62d0fe56110f093c2b8bf_s390x, openshift4/ose-agent-installer-api-server-rhel8@sha256:b8b04b73de8f0a43751acf4bcd456cde9023b1f300a62d0fe56110f093c2b8bf_s390x |
| Red Hat | openshift4/ose-kube-storage-version-migrator-rhel8@sha256:20f5fdefc3c785deb9cb74f8bcaf4b4417b39fbaa5916f7fdefee998873d0618_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-kube-storage-version-migrator-rhel8@sha256:20f5fdefc3c785deb9cb74f8bcaf4b4417b39fbaa5916f7fdefee998873d0618_arm64, openshift4/ose-kube-storage-version-migrator-rhel8@sha256:20f5fdefc3c785deb9cb74f8bcaf4b4417b39fbaa5916f7fdefee998873d0618_arm64 |
| Red Hat | openshift4/ose-multus-admission-controller@sha256:d2624fa9d82c5a9242f6e72b74e83c400fd5f44ca0f828151997b1e2eb7586e8_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-multus-admission-controller@sha256:d2624fa9d82c5a9242f6e72b74e83c400fd5f44ca0f828151997b1e2eb7586e8_arm64, openshift4/ose-multus-admission-controller@sha256:d2624fa9d82c5a9242f6e72b74e83c400fd5f44ca0f828151997b1e2eb7586e8_arm64, openshift4/ose-multus-admission-controller@sha256:d2624fa9d82c5a9242f6e72b74e83c400fd5f44ca0f828151997b1e2eb7586e8_arm64 |
| Red Hat | openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:dc15ab0d65d2c5adac87df0f9745bf44e1b639addda2b1503636504b0f4efa87_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:dc15ab0d65d2c5adac87df0f9745bf44e1b639addda2b1503636504b0f4efa87_s390x, * |
| Red Hat | openshift4/ose-cluster-update-keys@sha256:ef2ae383dcd51a8cf8665ec78aec0eef7815864e4bdf64dfc133f74e65e177ed_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-update-keys@sha256:ef2ae383dcd51a8cf8665ec78aec0eef7815864e4bdf64dfc133f74e65e177ed_s390x, *, * |
| Red Hat | openshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:23fa84f78e6f683098c2c0bc962503c6d6d6bf77448efd065ae6903f59c0b4ef_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-openstack-cloud-controller-manager-rhel8@sha256:23fa84f78e6f683098c2c0bc962503c6d6d6bf77448efd065ae6903f59c0b4ef_arm64, *, * |
| Red Hat | openshift4/ose-kube-rbac-proxy@sha256:995e4ebf2e3297ae3f9998e171e19c3550ccedf967961c6dfc9c66dbde3df802_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-kube-rbac-proxy@sha256:995e4ebf2e3297ae3f9998e171e19c3550ccedf967961c6dfc9c66dbde3df802_ppc64le, openshift4/ose-kube-rbac-proxy@sha256:995e4ebf2e3297ae3f9998e171e19c3550ccedf967961c6dfc9c66dbde3df802_ppc64le, openshift4/ose-kube-rbac-proxy@sha256:995e4ebf2e3297ae3f9998e171e19c3550ccedf967961c6dfc9c66dbde3df802_ppc64le |
…and 1281 more
Timeline
- Aug 30, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 20, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:4731 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358 issue
- https://issues.redhat.com/browse/OCPBUGS-13075 advisory
- https://issues.redhat.com/browse/OCPBUGS-15897 advisory
- https://issues.redhat.com/browse/OCPBUGS-16013 advisory
- https://issues.redhat.com/browse/OCPBUGS-16640 advisory
- https://issues.redhat.com/browse/OCPBUGS-16772 advisory
- https://issues.redhat.com/browse/OCPBUGS-16777 advisory
- https://issues.redhat.com/browse/OCPBUGS-16804 advisory
- https://issues.redhat.com/browse/OCPBUGS-17158 advisory
- https://issues.redhat.com/browse/OCPBUGS-17187 advisory
- https://issues.redhat.com/browse/OCPBUGS-17365 advisory
- https://issues.redhat.com/browse/OCPBUGS-17453 advisory
- https://issues.redhat.com/browse/OCPBUGS-17557 advisory
- https://issues.redhat.com/browse/OCPBUGS-17559 advisory
- https://issues.redhat.com/browse/OCPBUGS-17728 advisory
- https://issues.redhat.com/browse/OCPBUGS-17733 advisory
- https://issues.redhat.com/browse/OCPBUGS-17769 advisory
- https://issues.redhat.com/browse/OCPBUGS-17791 advisory
…and 13 more