RHSA-2023%3A6239
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:2b06fd2dd516b04a5ef54744114db0e2dbd48741ae8a41eb647334bdd6eb6404_arm64 as a component of RHOSSM 2.4 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:e533eeb5e448687b73754f82502a735a08f46b7260c62170ee88ea35907261fa_amd64 as a component of RHOSSM 2.4 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:d9c8aa68fdbd3f1e163db6cacc9282fc7a91474cf855cc44679177bba68365f4_s390x as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:d9c8aa68fdbd3f1e163db6cacc9282fc7a91474cf855cc44679177bba68365f4_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:2b06fd2dd516b04a5ef54744114db0e2dbd48741ae8a41eb647334bdd6eb6404_arm64 as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator@sha256:2b06fd2dd516b04a5ef54744114db0e2dbd48741ae8a41eb647334bdd6eb6404_arm64 |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:29bbacd9971b9ccb2b64b1485ebcafeea7294b3518cb4c467c37452503e12a0d_amd64 as a component of RHOSSM 2.4 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:29bbacd9971b9ccb2b64b1485ebcafeea7294b3518cb4c467c37452503e12a0d_amd64 as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator@sha256:29bbacd9971b9ccb2b64b1485ebcafeea7294b3518cb4c467c37452503e12a0d_amd64 |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64 as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64 |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:e533eeb5e448687b73754f82502a735a08f46b7260c62170ee88ea35907261fa_amd64 as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:e533eeb5e448687b73754f82502a735a08f46b7260c62170ee88ea35907261fa_amd64 |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64 as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64 |
| Red Hat | openshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:e9478516ca737881e7616c1e009c1ffee5ef4d24f31b656a262510118d45633e_ppc64le as a component of RHOSSM 2.4 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:d9c8aa68fdbd3f1e163db6cacc9282fc7a91474cf855cc44679177bba68365f4_s390x as a component of RHOSSM 2.4 for RHEL 8 | * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:e9478516ca737881e7616c1e009c1ffee5ef4d24f31b656a262510118d45633e_ppc64le as a component of RHOSSM 2.4 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:e9478516ca737881e7616c1e009c1ffee5ef4d24f31b656a262510118d45633e_ppc64le |
Timeline
- Nov 1, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 30, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6239 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6239.json advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit