RHSA-2023%3A6126
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:2f5a47b0245412eb76059a55faef90bb37a5831abcff79afc61bcc317309c510_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:2f5a47b0245412eb76059a55faef90bb37a5831abcff79afc61bcc317309c510_arm64, openshift4/ose-multus-whereabouts-ipam-cni-rhel8@sha256:2f5a47b0245412eb76059a55faef90bb37a5831abcff79afc61bcc317309c510_arm64, * |
| Red Hat | openshift4/ose-prometheus-config-reloader@sha256:46ff4ab7a02d7edf32293094d3220609ee473038f44ec5bf324f32460ed3642c_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-prometheus-config-reloader@sha256:46ff4ab7a02d7edf32293094d3220609ee473038f44ec5bf324f32460ed3642c_ppc64le, *, openshift4/ose-prometheus-config-reloader@sha256:46ff4ab7a02d7edf32293094d3220609ee473038f44ec5bf324f32460ed3642c_ppc64le |
| Red Hat | openshift4/ose-service-ca-operator@sha256:b4ca57292c8a225f64d8a84779bd5065381886fda924b94254d1e7903e563702_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-service-ca-operator@sha256:b4ca57292c8a225f64d8a84779bd5065381886fda924b94254d1e7903e563702_arm64, openshift4/ose-service-ca-operator@sha256:b4ca57292c8a225f64d8a84779bd5065381886fda924b94254d1e7903e563702_arm64, openshift4/ose-service-ca-operator@sha256:b4ca57292c8a225f64d8a84779bd5065381886fda924b94254d1e7903e563702_arm64 |
| Red Hat | openshift4/ose-tools-rhel8@sha256:50323652262a201fe0c374ab05368fe7a9404f725869d6ae4668d55b0e507cd7_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-tools-rhel8@sha256:50323652262a201fe0c374ab05368fe7a9404f725869d6ae4668d55b0e507cd7_ppc64le, openshift4/ose-tools-rhel8@sha256:50323652262a201fe0c374ab05368fe7a9404f725869d6ae4668d55b0e507cd7_ppc64le |
| Red Hat | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:3d4adc909e8092e8cd72a405fce709945901480ba47e5cc877718ab4af2ac234_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:3d4adc909e8092e8cd72a405fce709945901480ba47e5cc877718ab4af2ac234_amd64, openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:3d4adc909e8092e8cd72a405fce709945901480ba47e5cc877718ab4af2ac234_amd64, openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:3d4adc909e8092e8cd72a405fce709945901480ba47e5cc877718ab4af2ac234_amd64 |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:a96f3316d0c00074c79b8ea2b7f6750faf03ff61e93a7605d59e96c0ca971d3c_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-attacher@sha256:a96f3316d0c00074c79b8ea2b7f6750faf03ff61e93a7605d59e96c0ca971d3c_amd64, openshift4/ose-csi-external-attacher@sha256:a96f3316d0c00074c79b8ea2b7f6750faf03ff61e93a7605d59e96c0ca971d3c_amd64, * |
| Red Hat | openshift4/ose-cli@sha256:1e2f9ba0e745268a40fc0e1332c217d7e003ca1e744ef40c6a173014e345192f_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cli@sha256:1e2f9ba0e745268a40fc0e1332c217d7e003ca1e744ef40c6a173014e345192f_ppc64le, openshift4/ose-cli@sha256:1e2f9ba0e745268a40fc0e1332c217d7e003ca1e744ef40c6a173014e345192f_ppc64le, openshift4/ose-cli@sha256:1e2f9ba0e745268a40fc0e1332c217d7e003ca1e744ef40c6a173014e345192f_ppc64le |
| Red Hat | openshift4/ose-cluster-policy-controller-rhel8@sha256:3287c4c161155bd61558cb6ae425716043d1a4cd16b2239bfb5996a6695ddd62_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-cluster-image-registry-operator@sha256:c43e31cde2f35edff75f8588d929cf469811fcd8edd27720b66074cc926e972b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-image-registry-operator@sha256:c43e31cde2f35edff75f8588d929cf469811fcd8edd27720b66074cc926e972b_amd64, openshift4/ose-cluster-image-registry-operator@sha256:c43e31cde2f35edff75f8588d929cf469811fcd8edd27720b66074cc926e972b_amd64, openshift4/ose-cluster-image-registry-operator@sha256:c43e31cde2f35edff75f8588d929cf469811fcd8edd27720b66074cc926e972b_amd64 |
| Red Hat | openshift4/ose-cluster-network-operator@sha256:c6f74ffeecebebf6533f3776cca329f5f57bd117d193e0c73dbb4df075ddf56f_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-network-operator@sha256:c6f74ffeecebebf6533f3776cca329f5f57bd117d193e0c73dbb4df075ddf56f_arm64, openshift4/ose-cluster-network-operator@sha256:c6f74ffeecebebf6533f3776cca329f5f57bd117d193e0c73dbb4df075ddf56f_arm64, * |
| Red Hat | openshift4/ose-openshift-state-metrics-rhel8@sha256:0f6249ab16e94886e4a3eb32518969d9bca86acb01926408f51f33bf72ebd94c_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-openshift-state-metrics-rhel8@sha256:0f6249ab16e94886e4a3eb32518969d9bca86acb01926408f51f33bf72ebd94c_s390x |
| Red Hat | openshift4/ose-vsphere-csi-driver-operator-rhel8@sha256:1846874ed36f82e05455e3a3d7124de0db7759d2a14c19d33c4b4e2890b91ced_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-vsphere-csi-driver-operator-rhel8@sha256:1846874ed36f82e05455e3a3d7124de0db7759d2a14c19d33c4b4e2890b91ced_amd64, *, * |
| Red Hat | openshift4/ose-ibm-vpc-block-csi-driver-rhel8@sha256:c0e15406da54cbb28b81783cf8335ce2aa5bdb83554d51fbcc743ce7f2b6bedc_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-ibm-vpc-block-csi-driver-rhel8@sha256:c0e15406da54cbb28b81783cf8335ce2aa5bdb83554d51fbcc743ce7f2b6bedc_amd64, openshift4/ose-ibm-vpc-block-csi-driver-rhel8@sha256:c0e15406da54cbb28b81783cf8335ce2aa5bdb83554d51fbcc743ce7f2b6bedc_amd64, * |
| Red Hat | openshift4/openshift-route-controller-manager-rhel8@sha256:6472a8a786f0c1d400ffc7ec65094e35d9c9b82e3350b61250b0e16fd53cc7a2_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/openshift-route-controller-manager-rhel8@sha256:6472a8a786f0c1d400ffc7ec65094e35d9c9b82e3350b61250b0e16fd53cc7a2_amd64, openshift4/openshift-route-controller-manager-rhel8@sha256:6472a8a786f0c1d400ffc7ec65094e35d9c9b82e3350b61250b0e16fd53cc7a2_amd64 |
| Red Hat | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:2156d32a1ba18f1440f00fa786ef5cc0a7cbd8ffa4eae7f1e408c38ae844bb01_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-cloud-controller-manager-operator-rhel8@sha256:2156d32a1ba18f1440f00fa786ef5cc0a7cbd8ffa4eae7f1e408c38ae844bb01_s390x, *, * |
| Red Hat | openshift4/ose-deployer@sha256:2e6ca1e721d5935b3ecc9e7a4d4244651479bc142274bbfb9eb30eb9accea2ce_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-deployer@sha256:2e6ca1e721d5935b3ecc9e7a4d4244651479bc142274bbfb9eb30eb9accea2ce_amd64, openshift4/ose-deployer@sha256:2e6ca1e721d5935b3ecc9e7a4d4244651479bc142274bbfb9eb30eb9accea2ce_amd64, * |
| Red Hat | openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:b2e6a7d90a8a8aa4d8457d97ae91621494e2e2163c78b94b29030a9748ac77f9_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:b2e6a7d90a8a8aa4d8457d97ae91621494e2e2163c78b94b29030a9748ac77f9_arm64, *, * |
| Red Hat | openshift4/ose-cluster-etcd-rhel8-operator@sha256:95bbc4d2da70410f7580278a92a378c9fef1ef66c1f5705fd1b94e8eb6981c02_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-cluster-etcd-rhel8-operator@sha256:95bbc4d2da70410f7580278a92a378c9fef1ef66c1f5705fd1b94e8eb6981c02_s390x, openshift4/ose-cluster-etcd-rhel8-operator@sha256:95bbc4d2da70410f7580278a92a378c9fef1ef66c1f5705fd1b94e8eb6981c02_s390x |
| Red Hat | openshift4/ose-kube-storage-version-migrator-rhel8@sha256:67df4021f47adf4737440f6f157ac1d00a976947ef27173df606ad26a1b03635_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-kube-storage-version-migrator-rhel8@sha256:67df4021f47adf4737440f6f157ac1d00a976947ef27173df606ad26a1b03635_s390x, openshift4/ose-kube-storage-version-migrator-rhel8@sha256:67df4021f47adf4737440f6f157ac1d00a976947ef27173df606ad26a1b03635_s390x, * |
| Red Hat | rhcos@sha256:569f43583360a0d055b5f5265b33043035603dd65aeaa15d9eeb516d4dea99ad_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
…and 1264 more
Timeline
- Nov 1, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6126 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-18644 advisory
- https://issues.redhat.com/browse/OCPBUGS-18681 advisory
- https://issues.redhat.com/browse/OCPBUGS-19008 advisory
- https://issues.redhat.com/browse/OCPBUGS-19549 advisory
- https://issues.redhat.com/browse/OCPBUGS-20197 advisory
- https://issues.redhat.com/browse/OCPBUGS-20241 advisory
- https://issues.redhat.com/browse/OCPBUGS-20248 advisory
- https://issues.redhat.com/browse/OCPBUGS-20291 advisory
- https://issues.redhat.com/browse/OCPBUGS-20551 advisory
- https://issues.redhat.com/browse/OCPBUGS-21727 advisory
- https://issues.redhat.com/browse/OCPBUGS-21731 advisory
- https://issues.redhat.com/browse/OCPBUGS-22247 advisory
- https://issues.redhat.com/browse/OCPBUGS-22268 advisory
- https://issues.redhat.com/browse/OCPBUGS-22288 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6126.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
…and 6 more