RHSA-2023%3A6071
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x as a component of RHACS 4.0 for RHEL 8 | *, advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x, advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x, *, advanced-cluster-security/rhacs-scanner-db-slim-rhel8@sha256:a3829f94879b2512ae6d38f617a734e79ef9ab7de6f6c1ae1318346d6144e636_s390x |
| Red Hat | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le, advanced-cluster-security/rhacs-roxctl-rhel8@sha256:9f2e86b59baf64ec0e15b190676a8a81d8742f4cf88e8c216bafe3fd355a534f_ppc64le, * |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x, *, * |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le, advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le, advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b60c0000ee6f5c5bfcee7ecac40feac1029f8520236cec8eb76a7353f7fab2b5_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le, advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le, advanced-cluster-security/rhacs-collector-rhel8@sha256:a59f4e48c51878df91baf624c89a5157f7b6298a14260c0b5d6f902a2aeb574a_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le, advanced-cluster-security/rhacs-central-db-rhel8@sha256:a26eaebf47bcf49be38da18badf53884fe8a39b2110de2288e5f83a1ee761202_ppc64le, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:8a56051d40e5c4c82c188303b7572da6e4bf21ce1f999db97ab878f59431b8f5_amd64 as a component of RHACS 4.0 for RHEL 8 | *, *, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:e8cf8dd749a23a9fb3ae23ed2263ada05c6e13c035535c3796eb465f9a071f8f_s390x, * |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64 as a component of RHACS 4.0 for RHEL 8 | *, advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64, advanced-cluster-security/rhacs-collector-rhel8@sha256:681c44488bef3551c8a48b955cb4f80377336474b5eff91d751df9616b403c90_amd64 |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64 as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64, advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64, advanced-cluster-security/rhacs-rhel8-operator@sha256:37d3b4a85e1214f54d485732f20a83c88a20622a66de83f5f445d9b6274cafe2_amd64 |
| Red Hat | advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le, advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le, advanced-cluster-security/rhacs-scanner-rhel8@sha256:e08d42e2c6c12932ec1f915bb153111076ced6d82a9205f1998e0cb970f9ca11_ppc64le |
| Red Hat | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x, advanced-cluster-security/rhacs-scanner-db-rhel8@sha256:af78c6089f148a256854511669e111271d80dc0eba571d9f47628429bce66835_s390x |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:b52ff18b3d963f57dc7aeb5ffc8143aaa6eb76bea5e7912fe2f0fc6e7a6f3245_ppc64le as a component of RHACS 4.0 for RHEL 8 | *, *, * |
| Red Hat | advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x as a component of RHACS 4.0 for RHEL 8 | *, advanced-cluster-security/rhacs-rhel8-operator@sha256:e2c292eebafb277fbb4d273e9edfe22435b2201e08c02c04011330e0c13fa335_s390x, * |
| Red Hat | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64 as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64, *, advanced-cluster-security/rhacs-scanner-slim-rhel8@sha256:410b2c74ad914d4f09f1a64cd51da7ed057b891dd0f2a9803bc168f5b0a81aab_amd64 |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x, advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:b3f8f5122676f1a9a46f38f7cf8e265536f275ecb7c2ad08874f5e792cc12af0_s390x, * |
| Red Hat | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64 as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64, advanced-cluster-security/rhacs-collector-slim-rhel8@sha256:8d01a5d038f9f778df054ab9533ff700dfafc72a8b6e086910f2e5db0634b21b_amd64, * |
| Red Hat | advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x, advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x, advanced-cluster-security/rhacs-collector-rhel8@sha256:7b40266e9bcf63f9d17057d41a8d74a6996666a17bae8f5480d18bf68b3d36be_s390x |
| Red Hat | advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le as a component of RHACS 4.0 for RHEL 8 | advanced-cluster-security/rhacs-operator-bundle@sha256:c2f484a894fe64522f40b9d0c16e19e933560505aec2e156f7ba543e3f0331bb_ppc64le, *, * |
…and 47 more
Timeline
- Oct 24, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6071 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://docs.openshift.com/acs/4.0/release_notes/40-release-notes.html advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6071.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory