RHSA-2023%3A6129
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-nfd-operator@sha256:12daaed1d90ca668046444bd34f0526b0f6025ceb1c80c8fc72ff33c8d147224_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2c5e50e2d27b3264be154a02d1a2334c086280c231de4996dad66cbbf10a4c98_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2c5e50e2d27b3264be154a02d1a2334c086280c231de4996dad66cbbf10a4c98_ppc64le, openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:2c5e50e2d27b3264be154a02d1a2334c086280c231de4996dad66cbbf10a4c98_ppc64le |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:8d775abcce8f3ea93015a34a8c198776ee6d5579531808ded540e36ba388005e_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:8d775abcce8f3ea93015a34a8c198776ee6d5579531808ded540e36ba388005e_amd64, openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:8d775abcce8f3ea93015a34a8c198776ee6d5579531808ded540e36ba388005e_amd64, openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:8d775abcce8f3ea93015a34a8c198776ee6d5579531808ded540e36ba388005e_amd64 |
| Red Hat | openshift4/ingress-node-firewall@sha256:aac652852848988e4f6b2a93e4e167ce03262209e30fdfbcd9e615fb60d1b597_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ingress-node-firewall@sha256:aac652852848988e4f6b2a93e4e167ce03262209e30fdfbcd9e615fb60d1b597_s390x, openshift4/ingress-node-firewall@sha256:aac652852848988e4f6b2a93e4e167ce03262209e30fdfbcd9e615fb60d1b597_s390x |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9380b581667dee61ca2895e6e970f01779fc333dbbcd6c98dd305d82cfa1567a_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9380b581667dee61ca2895e6e970f01779fc333dbbcd6c98dd305d82cfa1567a_arm64, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:9380b581667dee61ca2895e6e970f01779fc333dbbcd6c98dd305d82cfa1567a_arm64, * |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:3b9dec60f12ae6fb249cb48fc5c2e7ea753b6a7de647a42e39fe10af8a5d1d78_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-local-storage-mustgather-rhel8@sha256:3b9dec60f12ae6fb249cb48fc5c2e7ea753b6a7de647a42e39fe10af8a5d1d78_ppc64le |
| Red Hat | openshift4/ose-ptp-operator@sha256:369d5bc04ed6d8aa934813a9695fe7b7f976b8061b1690712bece367b3d0e1ca_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ptp-operator@sha256:369d5bc04ed6d8aa934813a9695fe7b7f976b8061b1690712bece367b3d0e1ca_ppc64le, openshift4/ose-ptp-operator@sha256:369d5bc04ed6d8aa934813a9695fe7b7f976b8061b1690712bece367b3d0e1ca_ppc64le, openshift4/ose-ptp-operator@sha256:369d5bc04ed6d8aa934813a9695fe7b7f976b8061b1690712bece367b3d0e1ca_ppc64le |
| Red Hat | openshift4/ose-cluster-capacity@sha256:cbe8bd7f34ac3aa47c87dd4e2473077bfd686ae38422144ee88c9cebed8e522e_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-capacity@sha256:cbe8bd7f34ac3aa47c87dd4e2473077bfd686ae38422144ee88c9cebed8e522e_amd64, openshift4/ose-cluster-capacity@sha256:cbe8bd7f34ac3aa47c87dd4e2473077bfd686ae38422144ee88c9cebed8e522e_amd64, openshift4/ose-cluster-capacity@sha256:cbe8bd7f34ac3aa47c87dd4e2473077bfd686ae38422144ee88c9cebed8e522e_amd64 |
| Red Hat | openshift4/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64, openshift4/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64, openshift4/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64 |
| Red Hat | openshift-tech-preview/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift-tech-preview/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64, openshift-tech-preview/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64, openshift-tech-preview/metallb-rhel8@sha256:dad9b83e0fb1c1ac802cb2f95932e227467e6cc3c630c569a2f46f2d4c6b8cda_amd64 |
| Red Hat | openshift4/metallb-rhel8-operator@sha256:67a802fa4be2a9d8cfd661d36c8e9f88b07a68f318f2c878b741bae30b78241a_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/metallb-rhel8-operator@sha256:67a802fa4be2a9d8cfd661d36c8e9f88b07a68f318f2c878b741bae30b78241a_s390x, openshift4/metallb-rhel8-operator@sha256:67a802fa4be2a9d8cfd661d36c8e9f88b07a68f318f2c878b741bae30b78241a_s390x, openshift4/metallb-rhel8-operator@sha256:67a802fa4be2a9d8cfd661d36c8e9f88b07a68f318f2c878b741bae30b78241a_s390x |
| Red Hat | openshift4/ose-ansible-operator@sha256:4ca5fe22a10929b0a4ce6b3f5d22b8ed4e6c7da2e8be4b4a6731db8735a3eb66_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ansible-operator@sha256:4ca5fe22a10929b0a4ce6b3f5d22b8ed4e6c7da2e8be4b4a6731db8735a3eb66_s390x, *, openshift4/ose-ansible-operator@sha256:4ca5fe22a10929b0a4ce6b3f5d22b8ed4e6c7da2e8be4b4a6731db8735a3eb66_s390x |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:36e226018b729d091d18bda697a1f61d07bc0de2d071bc2afc9dc28aeac136c7_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:a861507aa4fbf67528ccb1cea0b9e813c07a8529ed7e2d3e6dc0d2da235786a1_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:a861507aa4fbf67528ccb1cea0b9e813c07a8529ed7e2d3e6dc0d2da235786a1_ppc64le, openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:a861507aa4fbf67528ccb1cea0b9e813c07a8529ed7e2d3e6dc0d2da235786a1_ppc64le, openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:a861507aa4fbf67528ccb1cea0b9e813c07a8529ed7e2d3e6dc0d2da235786a1_ppc64le |
| Red Hat | openshift4/ose-helm-operator@sha256:f6ff3a2a34d4ea9cdf6bb19ad978d3db8d611d8b045fae12215ca764370835aa_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-helm-operator@sha256:f6ff3a2a34d4ea9cdf6bb19ad978d3db8d611d8b045fae12215ca764370835aa_ppc64le |
| Red Hat | openshift-tech-preview/metallb-rhel8@sha256:5ea1a8f197e9c3b8cc11583b49a0c57f5679a57597e689101551d511b1cbd567_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift-tech-preview/metallb-rhel8@sha256:5ea1a8f197e9c3b8cc11583b49a0c57f5679a57597e689101551d511b1cbd567_ppc64le, openshift-tech-preview/metallb-rhel8@sha256:5ea1a8f197e9c3b8cc11583b49a0c57f5679a57597e689101551d511b1cbd567_ppc64le, openshift-tech-preview/metallb-rhel8@sha256:5ea1a8f197e9c3b8cc11583b49a0c57f5679a57597e689101551d511b1cbd567_ppc64le |
| Red Hat | openshift4/ose-descheduler@sha256:786cab5554b522a05d97b18cbe2749103b39bf309ac37399d1fcf518a02f73f4_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-descheduler@sha256:786cab5554b522a05d97b18cbe2749103b39bf309ac37399d1fcf518a02f73f4_amd64, openshift4/ose-descheduler@sha256:786cab5554b522a05d97b18cbe2749103b39bf309ac37399d1fcf518a02f73f4_amd64, * |
| Red Hat | openshift4/ose-cluster-nfd-operator@sha256:e285b2dcba5f362fbbea4dbf6095bf3d101c69715a4a07251f28b67432f31b89_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-nfd-operator@sha256:e285b2dcba5f362fbbea4dbf6095bf3d101c69715a4a07251f28b67432f31b89_arm64, openshift4/ose-cluster-nfd-operator@sha256:e285b2dcba5f362fbbea4dbf6095bf3d101c69715a4a07251f28b67432f31b89_arm64, * |
| Red Hat | openshift4/ose-descheduler@sha256:3ecc0eeec64dba93f317d030b446e2c742518e034b82c555d4a7b997d008a13f_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-descheduler@sha256:3ecc0eeec64dba93f317d030b446e2c742518e034b82c555d4a7b997d008a13f_arm64, openshift4/ose-descheduler@sha256:3ecc0eeec64dba93f317d030b446e2c742518e034b82c555d4a7b997d008a13f_arm64, openshift4/ose-descheduler@sha256:3ecc0eeec64dba93f317d030b446e2c742518e034b82c555d4a7b997d008a13f_arm64 |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:1dafc844953a5659832b5f70becd865a337602acfd6e75e6bb3b05878ec4849f_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:1dafc844953a5659832b5f70becd865a337602acfd6e75e6bb3b05878ec4849f_ppc64le, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:1dafc844953a5659832b5f70becd865a337602acfd6e75e6bb3b05878ec4849f_ppc64le |
…and 317 more
Timeline
- Oct 30, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6129 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6129.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit