VDB

RHSA-2023%3A5724

RHSA-2023%3A5724 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatcom.graphql-java.java-dataloader-3.2.0.redhat-00001.jar as a component of Red Hat build of Quarkus 2.13.8.SP3com.graphql-java.java-dataloader-3.2.0.redhat-00001.jar
Red Hatio.smallrye.stork.stork-api-1.1.2.redhat-00002.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.smallrye.stork.stork-api-1.1.2.redhat-00002.jar
Red Hatio.smallrye.reactive.smallrye-mutiny-vertx-uri-template-2.27.0.redhat-00001.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.smallrye.reactive.smallrye-mutiny-vertx-uri-template-2.27.0.redhat-00001.jar
Red Hatorg.locationtech.jts.jts-core-1.17.0.jar as a component of Red Hat build of Quarkus 2.13.8.SP3org.locationtech.jts.jts-core-1.17.0.jar
Red Hatorg.apache.sshd.sshd-common-2.9.2.redhat-00001.jar as a component of Red Hat build of Quarkus 2.13.8.SP3org.apache.sshd.sshd-common-2.9.2.redhat-00001.jar
Red Hatio.quarkus.quarkus-resteasy-reactive-spi-deployment-2.13.8.Final-redhat-00006.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.quarkus.quarkus-resteasy-reactive-spi-deployment-2.13.8.Final-redhat-00006.jar
Red Hatorg.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-core-1.0.1.redhat-00001.jar as a component of Red Hat build of Quarkus 2.13.8.SP3org.eclipse.microprofile.reactive-streams-operators.microprofile-reactive-streams-operators-core-1.0.1.redhat-00001.jar
Red Hatio.quarkus.quarkus-smallrye-fault-tolerance-deployment-2.13.8.Final-redhat-00006.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.quarkus.quarkus-smallrye-fault-tolerance-deployment-2.13.8.Final-redhat-00006.jar
Red Hatorg.apache.maven.resolver.maven-resolver-impl-1.6.3.jar as a component of Red Hat build of Quarkus 2.13.8.SP3org.apache.maven.resolver.maven-resolver-impl-1.6.3.jar
Red Hatio.quarkus.quarkus-rest-client-deployment-2.13.8.Final-redhat-00006.jar as a component of Red Hat build of Quarkus 2.13.8.SP3*
Red Hatio.quarkus.quarkus-smallrye-fault-tolerance-2.13.8.Final-redhat-00006.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.quarkus.quarkus-smallrye-fault-tolerance-2.13.8.Final-redhat-00006.jar
Red Hatio.quarkus.quarkus-rest-client-reactive-2.13.8.Final-redhat-00006.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.quarkus.quarkus-rest-client-reactive-2.13.8.Final-redhat-00006.jar
Red Hatio.quarkus.quarkus-ide-launcher-2.13.8.Final-redhat-00006.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.quarkus.quarkus-ide-launcher-2.13.8.Final-redhat-00006.jar
Red Hatorg.mongodb.mongodb-crypt-1.5.2.jar as a component of Red Hat build of Quarkus 2.13.8.SP3org.mongodb.mongodb-crypt-1.5.2.jar
Red Hatio.vertx.vertx-mysql-client-4.3.4.redhat-00008.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.vertx.vertx-mysql-client-4.3.4.redhat-00008.jar
Red Hatcom.fasterxml.jackson.module.jackson-module-parameter-names-2.13.4.redhat-00004.jar as a component of Red Hat build of Quarkus 2.13.8.SP3com.fasterxml.jackson.module.jackson-module-parameter-names-2.13.4.redhat-00004.jar
Red Hatio.smallrye.reactive.smallrye-mutiny-vertx-web-2.27.0.redhat-00001.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.smallrye.reactive.smallrye-mutiny-vertx-web-2.27.0.redhat-00001.jar
Red Hatorg.wildfly.security.wildfly-elytron-sasl-gssapi-1.20.1.Final-redhat-00001.jar as a component of Red Hat build of Quarkus 2.13.8.SP3org.wildfly.security.wildfly-elytron-sasl-gssapi-1.20.1.Final-redhat-00001.jar
Red Hatio.vertx.vertx-codegen-4.3.4.redhat-00008.jar as a component of Red Hat build of Quarkus 2.13.8.SP3io.vertx.vertx-codegen-4.3.4.redhat-00008.jar
Red Hatorg.hibernate.hibernate-graalvm-5.6.15.Final.jar as a component of Red Hat build of Quarkus 2.13.8.SP3*

…and 859 more

Timeline

  • Oct 16, 2023 CVE Published
  • Apr 24, 2026 CVE Updated
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
Open in Interactive Console →
$ Console Community · 100/wk Open console ›