VDB

RHSA-2023%3A6239

RHSA-2023%3A6239 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the Rapid Reset Attack in the Go language packages. Security Bulletin https://access.redhat.com/security/vulnerabilities/RHSB-2023-003

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:2b06fd2dd516b04a5ef54744114db0e2dbd48741ae8a41eb647334bdd6eb6404_arm64 as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:e533eeb5e448687b73754f82502a735a08f46b7260c62170ee88ea35907261fa_amd64 as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:d9c8aa68fdbd3f1e163db6cacc9282fc7a91474cf855cc44679177bba68365f4_s390x as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8@sha256:d9c8aa68fdbd3f1e163db6cacc9282fc7a91474cf855cc44679177bba68365f4_s390x
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:31e0a2e76216573ed7f27d218152911d3765a38c71e4834be276fe4d1944fe04_s390x
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:2b06fd2dd516b04a5ef54744114db0e2dbd48741ae8a41eb647334bdd6eb6404_arm64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:2b06fd2dd516b04a5ef54744114db0e2dbd48741ae8a41eb647334bdd6eb6404_arm64
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:29bbacd9971b9ccb2b64b1485ebcafeea7294b3518cb4c467c37452503e12a0d_amd64 as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:29bbacd9971b9ccb2b64b1485ebcafeea7294b3518cb4c467c37452503e12a0d_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:29bbacd9971b9ccb2b64b1485ebcafeea7294b3518cb4c467c37452503e12a0d_amd64
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:e533eeb5e448687b73754f82502a735a08f46b7260c62170ee88ea35907261fa_amd64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8@sha256:e533eeb5e448687b73754f82502a735a08f46b7260c62170ee88ea35907261fa_amd64
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64 as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8@sha256:14284b2fcd21b2aa7eab7269b1ae22d6efd9705267e455035eb129e66ea21a5c_arm64
Red Hatopenshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8-operator@sha256:6a073f75a99df21d3185900e1c9e44ea2a6f9995fc3bcc4c826c20884ba92748_ppc64le
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:e9478516ca737881e7616c1e009c1ffee5ef4d24f31b656a262510118d45633e_ppc64le as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:d9c8aa68fdbd3f1e163db6cacc9282fc7a91474cf855cc44679177bba68365f4_s390x as a component of RHOSSM 2.4 for RHEL 8*
Red Hatopenshift-service-mesh/kiali-rhel8@sha256:e9478516ca737881e7616c1e009c1ffee5ef4d24f31b656a262510118d45633e_ppc64le as a component of RHOSSM 2.4 for RHEL 8openshift-service-mesh/kiali-rhel8@sha256:e9478516ca737881e7616c1e009c1ffee5ef4d24f31b656a262510118d45633e_ppc64le

Timeline

  • Nov 1, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 30, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›