RHSA-2023%3A5896
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-image-customization-controller-rhel8@sha256:125debe4fb4d1ea42fb6157c161c11b944b1521f0d762b656e60b8c5c101f6fe_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-image-customization-controller-rhel8@sha256:125debe4fb4d1ea42fb6157c161c11b944b1521f0d762b656e60b8c5c101f6fe_arm64 |
| Red Hat | openshift4/ose-cluster-monitoring-operator@sha256:3f578c07616d5c00ceea6ab7138ee3add35ccf4d9b117e13ae538deee195bd27_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-monitoring-operator@sha256:3f578c07616d5c00ceea6ab7138ee3add35ccf4d9b117e13ae538deee195bd27_amd64 |
| Red Hat | openshift4/ose-cloud-credential-operator@sha256:6c71c6c4ab31989ec858ee8cc788d7de4502d621b9d947a3ecbfebfe147b79a2_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cloud-credential-operator@sha256:6c71c6c4ab31989ec858ee8cc788d7de4502d621b9d947a3ecbfebfe147b79a2_arm64 |
| Red Hat | openshift4/ose-prometheus-operator@sha256:da1701a4c82c370c2d514bb6dc11cfbd77e190573f45e4a9e15f7e1fd548e3ea_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-prometheus-operator@sha256:da1701a4c82c370c2d514bb6dc11cfbd77e190573f45e4a9e15f7e1fd548e3ea_amd64 |
| Red Hat | openshift4/ose-cluster-monitoring-operator@sha256:fd3858691452d8c78a2829ffd1c6ddca1e935d445d24172204e08fe0b5bc555b_s390x as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-apiserver-network-proxy-rhel8@sha256:871ca896efbb11faa656dd8f6f50dd52e31ed8941fc5720eb1821fed774a29bb_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-apiserver-network-proxy-rhel8@sha256:871ca896efbb11faa656dd8f6f50dd52e31ed8941fc5720eb1821fed774a29bb_s390x |
| Red Hat | openshift4/ose-aws-pod-identity-webhook-rhel8@sha256:665523f7dd47276f05deff8b46a3623680fa53e576d2b9660183d9414fa4b4ed_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:469fc5673e5ba6d0214d34df5cee2b939a0618fef919f884eb96a665b3c1ccb9_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ovn-kubernetes@sha256:469fc5673e5ba6d0214d34df5cee2b939a0618fef919f884eb96a665b3c1ccb9_s390x |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:83b1e0bbec77ec6064c1f076d727b17119b4d768b8b7218f3aba18ae64668f57_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-insights-rhel8-operator@sha256:83b1e0bbec77ec6064c1f076d727b17119b4d768b8b7218f3aba18ae64668f57_amd64 |
| Red Hat | openshift4/ose-csi-snapshot-controller@sha256:b3dadce83e92251c76172eade1751f52ae1547ac960ef318b21123aa083ba4c0_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-snapshot-controller@sha256:b3dadce83e92251c76172eade1751f52ae1547ac960ef318b21123aa083ba4c0_s390x |
| Red Hat | openshift4/ose-cloud-credential-operator@sha256:cebdd612a4255035d4736359ae721ec2a62979f6016a2231b223be375a0626ea_s390x as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-deployer@sha256:e1c7f57c8358b75c3ffc8989be080256ea33a67de8710f04c42e3799d00feb72_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-deployer@sha256:e1c7f57c8358b75c3ffc8989be080256ea33a67de8710f04c42e3799d00feb72_s390x |
| Red Hat | openshift4/ose-kube-storage-version-migrator-rhel8@sha256:4ae688391bcb77f2cbb91e85f551bcea67425ef990d28a6f7d9bbbf0bcf88880_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-kube-storage-version-migrator-rhel8@sha256:4ae688391bcb77f2cbb91e85f551bcea67425ef990d28a6f7d9bbbf0bcf88880_arm64 |
| Red Hat | openshift4/ose-csi-driver-manila-rhel8@sha256:6b8f7430610adfa57c52f3fc45fc82fb0c5fd595d9870c950363ad7306bb93df_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-driver-manila-rhel8@sha256:6b8f7430610adfa57c52f3fc45fc82fb0c5fd595d9870c950363ad7306bb93df_ppc64le |
| Red Hat | openshift4/ose-ibm-cloud-controller-manager-rhel8@sha256:ed002cebd55aa75f937566befb5cdb8d56e63aab8f31bce99730ecf20cc34b1d_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ibm-cloud-controller-manager-rhel8@sha256:ed002cebd55aa75f937566befb5cdb8d56e63aab8f31bce99730ecf20cc34b1d_amd64 |
| Red Hat | openshift4/ose-ovirt-machine-controllers-rhel8@sha256:eaf9bd8606b6fc13576a6900fd694e70ce89a71bec6bec0209ef5e86f61c4781_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ovirt-machine-controllers-rhel8@sha256:eaf9bd8606b6fc13576a6900fd694e70ce89a71bec6bec0209ef5e86f61c4781_ppc64le |
| Red Hat | openshift4/ose-cluster-capi-operator-container-rhel8@sha256:8127f7872e14051ab13f4c8ed8895bcd798083a15905f37014d8c8feae28c8c9_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-capi-operator-container-rhel8@sha256:8127f7872e14051ab13f4c8ed8895bcd798083a15905f37014d8c8feae28c8c9_amd64 |
| Red Hat | openshift4/ose-kubevirt-cloud-controller-manager-rhel8@sha256:0f0fbfc1d5d16c5a4e66578d106f76d3d0d8cac6db5dd17ce853446f8c92f247_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-nutanix-machine-controllers-rhel8@sha256:686a23af32a538e01c81aca4408ba36839489afc7d2c9438471177a5986fdf80_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-nutanix-machine-controllers-rhel8@sha256:686a23af32a538e01c81aca4408ba36839489afc7d2c9438471177a5986fdf80_amd64 |
| Red Hat | openshift4/ose-baremetal-rhel8-operator@sha256:3b76ef57b2ead6815535a7afee1fb4ee60ce9299bb3bb9e8cd78a093dfd46abe_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-baremetal-rhel8-operator@sha256:3b76ef57b2ead6815535a7afee1fb4ee60ce9299bb3bb9e8cd78a093dfd46abe_ppc64le |
…and 1236 more
Timeline
- Oct 25, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:5896 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://issues.redhat.com/browse/OCPBUGS-17651 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_5896.json advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit