RHSA-2023%3A5677
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:0a8c26ec4e17988eef26d24f9001ed28fb5a049dae79972e6bb708a81f3c0cb5_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-ingress-operator@sha256:0a8c26ec4e17988eef26d24f9001ed28fb5a049dae79972e6bb708a81f3c0cb5_arm64, openshift4/ose-cluster-ingress-operator@sha256:0a8c26ec4e17988eef26d24f9001ed28fb5a049dae79972e6bb708a81f3c0cb5_arm64, openshift4/ose-cluster-ingress-operator@sha256:0a8c26ec4e17988eef26d24f9001ed28fb5a049dae79972e6bb708a81f3c0cb5_arm64 |
| Red Hat | openshift4/ose-csi-external-provisioner-rhel8@sha256:6ddb4787beda2026a8c1a88cba7664215b1774a90f5fdafe1269de8a1504ea73_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-provisioner-rhel8@sha256:6ddb4787beda2026a8c1a88cba7664215b1774a90f5fdafe1269de8a1504ea73_amd64, openshift4/ose-csi-external-provisioner-rhel8@sha256:6ddb4787beda2026a8c1a88cba7664215b1774a90f5fdafe1269de8a1504ea73_amd64, openshift4/ose-csi-external-provisioner-rhel8@sha256:6ddb4787beda2026a8c1a88cba7664215b1774a90f5fdafe1269de8a1504ea73_amd64 |
| Red Hat | openshift4/ose-pod@sha256:b9cdc89199720e6fea1d4fc043689e1f4bc6bf741b31e1c40c968502d6be8e36_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-pod@sha256:b9cdc89199720e6fea1d4fc043689e1f4bc6bf741b31e1c40c968502d6be8e36_arm64, *, * |
| Red Hat | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:bb4cdb7af7f0b9de569e55e38f045727cd7a9228385ed141ec1d2cb9e6b4aa02_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:bb4cdb7af7f0b9de569e55e38f045727cd7a9228385ed141ec1d2cb9e6b4aa02_ppc64le, *, * |
| Red Hat | openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64, openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64, * |
| Red Hat | openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:a86e15b79584f5e2a43705ca8cb2075aa6a9d83ac5cf14d78c2248e9fcc36146_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:a86e15b79584f5e2a43705ca8cb2075aa6a9d83ac5cf14d78c2248e9fcc36146_arm64, *, openshift4/ose-aws-cluster-api-controllers-rhel8@sha256:a86e15b79584f5e2a43705ca8cb2075aa6a9d83ac5cf14d78c2248e9fcc36146_arm64 |
| Red Hat | openshift4/ose-kube-rbac-proxy@sha256:5dbab2c49fdabe46c43b03e08eba6bba957430598d22573f4e57520f21cdcbc6_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-kube-rbac-proxy@sha256:5dbab2c49fdabe46c43b03e08eba6bba957430598d22573f4e57520f21cdcbc6_amd64, *, openshift4/ose-kube-rbac-proxy@sha256:5dbab2c49fdabe46c43b03e08eba6bba957430598d22573f4e57520f21cdcbc6_amd64 |
| Red Hat | openshift4/ose-operator-registry@sha256:f043f59538e72fbc9e3efa119ed4694d5eba84209e27cad2dcfee60059fe86cb_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-operator-registry@sha256:f043f59538e72fbc9e3efa119ed4694d5eba84209e27cad2dcfee60059fe86cb_ppc64le, openshift4/ose-operator-registry@sha256:f043f59538e72fbc9e3efa119ed4694d5eba84209e27cad2dcfee60059fe86cb_ppc64le, openshift4/ose-operator-registry@sha256:f043f59538e72fbc9e3efa119ed4694d5eba84209e27cad2dcfee60059fe86cb_ppc64le |
| Red Hat | openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64, openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64, openshift4/ose-ibm-vpc-node-label-updater-rhel8@sha256:80c4df656293e916a5f99004a94b7b4314f9c65932f8d54f6fb5676338758706_amd64 |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:aa3ec325f26dfdcf06594c886f5942e06d56e30346d725db8df30a224102a81f_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-attacher@sha256:aa3ec325f26dfdcf06594c886f5942e06d56e30346d725db8df30a224102a81f_ppc64le, *, * |
| Red Hat | openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:9614b2b97f0bf4c2cd6fad56a3069eac1bd1e072dd84d256522e080515481370_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:9614b2b97f0bf4c2cd6fad56a3069eac1bd1e072dd84d256522e080515481370_amd64, *, openshift4/ose-powervs-block-csi-driver-operator-rhel8@sha256:9614b2b97f0bf4c2cd6fad56a3069eac1bd1e072dd84d256522e080515481370_amd64 |
| Red Hat | openshift4/ose-pod@sha256:0ef9c1626b00fc649c9a7a60a198553e91bc1e218b191b36537dcfe0a2ec3276_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-pod@sha256:0ef9c1626b00fc649c9a7a60a198553e91bc1e218b191b36537dcfe0a2ec3276_s390x, openshift4/ose-pod@sha256:0ef9c1626b00fc649c9a7a60a198553e91bc1e218b191b36537dcfe0a2ec3276_s390x, * |
| Red Hat | openshift4/ose-csi-livenessprobe-rhel8@sha256:02663564e20b648429d2cfd6b8e301fed8754c1192a23c136292d8cdc0509f8c_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-livenessprobe-rhel8@sha256:02663564e20b648429d2cfd6b8e301fed8754c1192a23c136292d8cdc0509f8c_ppc64le, openshift4/ose-csi-livenessprobe-rhel8@sha256:02663564e20b648429d2cfd6b8e301fed8754c1192a23c136292d8cdc0509f8c_ppc64le, openshift4/ose-csi-livenessprobe-rhel8@sha256:02663564e20b648429d2cfd6b8e301fed8754c1192a23c136292d8cdc0509f8c_ppc64le |
| Red Hat | openshift4/ose-azure-file-csi-driver-rhel8@sha256:494091d03eb6d5c558082c9c55a214518c0484a0df94f4d258bde340f65dd3f7_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-azure-file-csi-driver-rhel8@sha256:494091d03eb6d5c558082c9c55a214518c0484a0df94f4d258bde340f65dd3f7_amd64, openshift4/ose-azure-file-csi-driver-rhel8@sha256:494091d03eb6d5c558082c9c55a214518c0484a0df94f4d258bde340f65dd3f7_amd64 |
| Red Hat | openshift4/ose-hypershift-rhel8@sha256:b024134ba2892f253714cea0e701ec913b64266a8925598b54b2f06cd14fd145_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-hypershift-rhel8@sha256:b024134ba2892f253714cea0e701ec913b64266a8925598b54b2f06cd14fd145_s390x, *, * |
| Red Hat | openshift4/ose-operator-lifecycle-manager@sha256:aff7bb2f50067a40553ef830dabcb28dac0071bcbc655bce172cc715afd2e975_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-operator-lifecycle-manager@sha256:aff7bb2f50067a40553ef830dabcb28dac0071bcbc655bce172cc715afd2e975_amd64, *, openshift4/ose-operator-lifecycle-manager@sha256:aff7bb2f50067a40553ef830dabcb28dac0071bcbc655bce172cc715afd2e975_amd64 |
| Red Hat | openshift4/ose-keepalived-ipfailover@sha256:92da279f2961bd68f8d54b09eca32706a5a8107e0c412d540fc3d12beb71c71b_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-keepalived-ipfailover@sha256:92da279f2961bd68f8d54b09eca32706a5a8107e0c412d540fc3d12beb71c71b_ppc64le, openshift4/ose-keepalived-ipfailover@sha256:92da279f2961bd68f8d54b09eca32706a5a8107e0c412d540fc3d12beb71c71b_ppc64le, openshift4/ose-keepalived-ipfailover@sha256:92da279f2961bd68f8d54b09eca32706a5a8107e0c412d540fc3d12beb71c71b_ppc64le |
| Red Hat | openshift4/ose-prometheus-config-reloader@sha256:b6db87e6042fc3487798c40c4a39df61dc2fe384c85f84f6d703c3612e42a189_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-prometheus-config-reloader@sha256:b6db87e6042fc3487798c40c4a39df61dc2fe384c85f84f6d703c3612e42a189_s390x, *, openshift4/ose-prometheus-config-reloader@sha256:b6db87e6042fc3487798c40c4a39df61dc2fe384c85f84f6d703c3612e42a189_s390x |
| Red Hat | openshift4/ose-cluster-baremetal-operator-rhel8@sha256:d53bc7bdcb8f4dfc788af4225a2f6ac7b82cb53107a2311b1076302d97fd08b7_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-baremetal-operator-rhel8@sha256:d53bc7bdcb8f4dfc788af4225a2f6ac7b82cb53107a2311b1076302d97fd08b7_s390x, *, * |
| Red Hat | openshift4/ose-baremetal-installer-rhel8@sha256:e1dfc7e0a7e8fd56f9308a9b796e9374ac8ad5f556c4770a2055d2b7385423f6_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-baremetal-installer-rhel8@sha256:e1dfc7e0a7e8fd56f9308a9b796e9374ac8ad5f556c4770a2055d2b7385423f6_s390x, openshift4/ose-baremetal-installer-rhel8@sha256:e1dfc7e0a7e8fd56f9308a9b796e9374ac8ad5f556c4770a2055d2b7385423f6_s390x, openshift4/ose-baremetal-installer-rhel8@sha256:e1dfc7e0a7e8fd56f9308a9b796e9374ac8ad5f556c4770a2055d2b7385423f6_s390x |
…and 1266 more
Timeline
- Oct 18, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:5677 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-13580 advisory
- https://issues.redhat.com/browse/OCPBUGS-15474 advisory
- https://issues.redhat.com/browse/OCPBUGS-18288 advisory
- https://issues.redhat.com/browse/OCPBUGS-18490 advisory
- https://issues.redhat.com/browse/OCPBUGS-18838 advisory
- https://issues.redhat.com/browse/OCPBUGS-19089 advisory
- https://issues.redhat.com/browse/OCPBUGS-19483 advisory
- https://issues.redhat.com/browse/OCPBUGS-19779 advisory
- https://issues.redhat.com/browse/OCPBUGS-19904 advisory
- https://issues.redhat.com/browse/OCPBUGS-19906 advisory
- https://issues.redhat.com/browse/OCPBUGS-19933 advisory
- https://issues.redhat.com/browse/OCPBUGS-20124 advisory
- https://issues.redhat.com/browse/OCPBUGS-20144 advisory
- https://issues.redhat.com/browse/OCPBUGS-20223 advisory
- https://issues.redhat.com/browse/OCPBUGS-20253 advisory
- https://issues.redhat.com/browse/OCPBUGS-20299 advisory
…and 10 more