VDB

RHSA-2023%3A6041

RHSA-2023%3A6041 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatworkload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 as a component of Self Node Remediation 0.7 for RHEL 8*, *, *
Red Hatworkload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64 as a component of Self Node Remediation 0.7 for RHEL 8workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64, workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64, workload-availability/self-node-remediation-operator-bundle@sha256:9e8bcbff46b97f3bc1071146b8db233abd1630016e6fc0efb679df8243c6fd03_amd64
Red Hatworkload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 as a component of Self Node Remediation 0.7 for RHEL 8
Red Hatworkload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 as a component of Self Node Remediation 0.7 for RHEL 8*, workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64, workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64
Red Hatworkload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64 as a component of Self Node Remediation 0.7 for RHEL 8workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64, workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64, workload-availability/self-node-remediation-rhel8-operator@sha256:9b305b10d6b92ddcdddd7ec63e347bdbfb4a87f629b6490de27380f5ed9e6640_amd64

Timeline

  • Oct 23, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›