RHSA-2023%3A5895
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ingress-node-firewall@sha256:285d86578ee1284e413bd1e991d33bc1d956db5af64e42525afa2216d95dfe74_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64, openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64, openshift4/ptp-must-gather-rhel8@sha256:9a98565826a91e3d756eeae9c759b4a90ed47f37092e9c7d29af60b383049bd2_arm64 |
| Red Hat | openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64, openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64, openshift4/metallb-rhel8@sha256:b74b42b48eac7f6305233a3a3f030a41f44fc0a49f2b0e996c4ad99661cee34b_amd64 |
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64, openshift4/ose-sriov-infiniband-cni@sha256:17263a2d5da1b2cb72c676174c6d81d44f231fcc38d40b01e1c74f5ace75645a_arm64 |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-local-storage-mustgather-rhel8@sha256:45ba633c930f36df918ed2ca42599efaf35ff1d57989739f5ba47f9f41fb3190_arm64, *, * |
| Red Hat | openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-cluster-capacity@sha256:80bf47111e5c24403c74088ad52ac009693f7e2737bdb96e5c03c83f9f43c1c2_arm64 |
| Red Hat | openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x, openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x, openshift4/ose-descheduler@sha256:9fa25b1af6f5eb1729f4365984fd8d7c338d5e0959a1fc69d92d368d8462ab77_s390x |
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:2892b1820ebf7f185f119bf56552e525853b27b0acb8bd935aee9dc29f59c989_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64, *, openshift4/ose-sriov-network-device-plugin@sha256:a8d1cc3047f030faa2c85517ddadba8ea9d2ced14c4cab656c13cb1531e368dd_amd64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64, openshift4/ose-clusterresourceoverride-rhel8@sha256:55dc561d75fa84315de15dc067537b75116ab8d41ffbff874dec70ea147d8ac2_amd64 |
| golang | golang.org/x/net/http2 | |
| Red Hat | openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64, *, openshift4/dpu-network-rhel8-operator@sha256:cbd9877899f6f9a0445d28647f0619c4d186e7a0824cc30986e24c0640c5be98_arm64 |
| Red Hat | openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x, openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x, openshift4/metallb-rhel8-operator@sha256:ca5d88db03042677dfabcc969806a3e4c3a68029ba5ce0593e49edacab809fff_s390x |
| Red Hat | openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64, openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64, openshift4/ose-local-storage-diskmaker@sha256:48187e20bfa1e3eaca876b1cbb320c49a71fb71ef6249a6739a5cbece6979a2c_arm64 |
| Red Hat | openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64, *, openshift4/cloud-event-proxy-rhel8@sha256:ff2c66593c08bd48cfd312e3c69ed3af69cec1a609939e34cd178f33da062921_amd64 |
| Red Hat | openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64, *, openshift4/ose-cluster-capacity@sha256:d5455d582a4a3a6da70910d4328105a73a9895c9367badb6ccad8c0015465e8b_amd64 |
| Red Hat | openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64, *, openshift4/ose-local-storage-operator@sha256:84dfb23aed3ff74d69ed8e6bd815da8bd340ee229dc3cad9d308ea65a8d7f72a_amd64 |
| Red Hat | openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64, openshift4/ose-csi-driver-shared-resource-mustgather-rhel8@sha256:3e9cf553d14b200456a246be355e9ee740ff072efdcd962aabd01ce42702cf4d_amd64, * |
| Red Hat | openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64, openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64, openshift4/dpu-network-rhel8-operator@sha256:53c7c148f3a31cc4bd4b60cdc735b8842b9c50945bfc68a8f414ed838542010c_amd64 |
| Red Hat | openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x, *, openshift4/ose-node-problem-detector-rhel8@sha256:876660cbac5c897b0cb205ce22518ceb631ec76278ad85ec06ae8b99c8a80f95_s390x |
…and 287 more
Timeline
- Oct 25, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:5895 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5895.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory