VDB
RHSA-2023%3A6248
RHSA-2023%3A6248
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in golang. A maliciously crafted HTTP/2 stream could cause excessive CPU consumption in the HPACK decoder, sufficient to cause a denial of service from a small number of requests.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/virt-artifacts-server@sha256:383022adea0838abf0e7394b95059b995e616427eed4fff1e65d125c14c0a7e5_amd64 as a component of CNV 4.12 for RHEL 8 | *, *, * |
| Red Hat | container-native-virtualization/kubemacpool@sha256:a63b4835f1e1afc3d5da3b80526e494ace5fe6917a51526648b9b1228168f552_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubemacpool@sha256:a63b4835f1e1afc3d5da3b80526e494ace5fe6917a51526648b9b1228168f552_amd64, container-native-virtualization/kubemacpool@sha256:a63b4835f1e1afc3d5da3b80526e494ace5fe6917a51526648b9b1228168f552_amd64, container-native-virtualization/kubemacpool@sha256:a63b4835f1e1afc3d5da3b80526e494ace5fe6917a51526648b9b1228168f552_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:aa24caef43563243aa45e2146a9be4ebe15a55e7d47cd043d0a2e1094d4662bb_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:aa24caef43563243aa45e2146a9be4ebe15a55e7d47cd043d0a2e1094d4662bb_amd64, *, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:aa24caef43563243aa45e2146a9be4ebe15a55e7d47cd043d0a2e1094d4662bb_amd64 |
| Red Hat | container-native-virtualization/hostpath-csi-driver@sha256:6b9c72bfb44b3ed66ffbe7785bfa44d81bed9b5c802e8f664d5bd129789a108a_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/hostpath-csi-driver@sha256:6b9c72bfb44b3ed66ffbe7785bfa44d81bed9b5c802e8f664d5bd129789a108a_amd64, container-native-virtualization/hostpath-csi-driver@sha256:6b9c72bfb44b3ed66ffbe7785bfa44d81bed9b5c802e8f664d5bd129789a108a_amd64, container-native-virtualization/hostpath-csi-driver@sha256:6b9c72bfb44b3ed66ffbe7785bfa44d81bed9b5c802e8f664d5bd129789a108a_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:108b0a434e22eb7837b225f711d63303a08193d8af3883522c992d6486c26353_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:108b0a434e22eb7837b225f711d63303a08193d8af3883522c992d6486c26353_amd64, container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:108b0a434e22eb7837b225f711d63303a08193d8af3883522c992d6486c26353_amd64, container-native-virtualization/kubevirt-tekton-tasks-operator@sha256:108b0a434e22eb7837b225f711d63303a08193d8af3883522c992d6486c26353_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:aa24caef43563243aa45e2146a9be4ebe15a55e7d47cd043d0a2e1094d4662bb_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize@sha256:aa24caef43563243aa45e2146a9be4ebe15a55e7d47cd043d0a2e1094d4662bb_amd64, *, * |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b9f5f854305f631dd893995365e92ecb6a20085c84cab124bd5a1f715bbf110b_amd64 as a component of CNV 4.12 for RHEL 8 | *, container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b9f5f854305f631dd893995365e92ecb6a20085c84cab124bd5a1f715bbf110b_amd64, * |
| Red Hat | container-native-virtualization/kubevirt-template-validator@sha256:053df4781a11f4353e06fcc7b12e8fb81a52b7bccab5f8a6c98f56947d05c270_amd64 as a component of CNV 4.12 for RHEL 8 | *, *, container-native-virtualization/kubevirt-template-validator@sha256:053df4781a11f4353e06fcc7b12e8fb81a52b7bccab5f8a6c98f56947d05c270_amd64 |
| Red Hat | container-native-virtualization/virt-controller@sha256:c7ef9a1f3dcd6ba257b3f6a5431cf8cce5809a4b76fa14523c65b45af995bc40_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/virt-controller@sha256:c7ef9a1f3dcd6ba257b3f6a5431cf8cce5809a4b76fa14523c65b45af995bc40_amd64, *, * |
| Red Hat | container-native-virtualization/virt-exportserver@sha256:13a1fd0199c6af5555c7a357f495b160304a67fc680dc57fde1dea98a6a08e67_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/virt-exportserver@sha256:13a1fd0199c6af5555c7a357f495b160304a67fc680dc57fde1dea98a6a08e67_amd64, *, container-native-virtualization/virt-exportserver@sha256:13a1fd0199c6af5555c7a357f495b160304a67fc680dc57fde1dea98a6a08e67_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:0cb042eb4f9f6c8d1436d010eb9691ceb5c02f0f273ae458780ad92727f45908_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:0cb042eb4f9f6c8d1436d010eb9691ceb5c02f0f273ae458780ad92727f45908_amd64, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:0cb042eb4f9f6c8d1436d010eb9691ceb5c02f0f273ae458780ad92727f45908_amd64, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-sysprep@sha256:0cb042eb4f9f6c8d1436d010eb9691ceb5c02f0f273ae458780ad92727f45908_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b9f5f854305f631dd893995365e92ecb6a20085c84cab124bd5a1f715bbf110b_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b9f5f854305f631dd893995365e92ecb6a20085c84cab124bd5a1f715bbf110b_amd64, container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b9f5f854305f631dd893995365e92ecb6a20085c84cab124bd5a1f715bbf110b_amd64, container-native-virtualization/kubevirt-tekton-tasks-copy-template@sha256:b9f5f854305f631dd893995365e92ecb6a20085c84cab124bd5a1f715bbf110b_amd64 |
| Red Hat | container-native-virtualization/virt-operator@sha256:c2daeb82867dd85031ec6bb2251f9ba7e6a3961ad89c59d96c4d223e7856824c_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/virt-operator@sha256:c2daeb82867dd85031ec6bb2251f9ba7e6a3961ad89c59d96c4d223e7856824c_amd64, *, * |
| Red Hat | container-native-virtualization/virt-cdi-cloner@sha256:fba428882b1637778d373ebd4c86842235fad5115334110e5d41514ccfde64c6_amd64 as a component of CNV 4.12 for RHEL 8 | *, container-native-virtualization/virt-cdi-cloner@sha256:fba428882b1637778d373ebd4c86842235fad5115334110e5d41514ccfde64c6_amd64, container-native-virtualization/virt-cdi-cloner@sha256:fba428882b1637778d373ebd4c86842235fad5115334110e5d41514ccfde64c6_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-controller@sha256:97208eac253cb235dd67214dc6e8bdc5335f438250b662c4ba30fb6735ea6ecb_amd64 as a component of CNV 4.12 for RHEL 8 | *, *, container-native-virtualization/virt-cdi-controller@sha256:97208eac253cb235dd67214dc6e8bdc5335f438250b662c4ba30fb6735ea6ecb_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:420a2f4a5ccf17d354945725efd872ce48042afb02f9446348d95086f6c074e6_amd64 as a component of CNV 4.12 for RHEL 8 | *, container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:420a2f4a5ccf17d354945725efd872ce48042afb02f9446348d95086f6c074e6_amd64, container-native-virtualization/kubevirt-tekton-tasks-create-vm-from-template@sha256:420a2f4a5ccf17d354945725efd872ce48042afb02f9446348d95086f6c074e6_amd64 |
| Red Hat | container-native-virtualization/ovs-cni-plugin@sha256:dc55c6e82516b8fc6b80b858cc9c308384998b8bb578252ca25e919e3fcf7c08_amd64 as a component of CNV 4.12 for RHEL 8 | *, *, * |
| Red Hat | container-native-virtualization/virt-operator@sha256:c2daeb82867dd85031ec6bb2251f9ba7e6a3961ad89c59d96c4d223e7856824c_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/virt-operator@sha256:c2daeb82867dd85031ec6bb2251f9ba7e6a3961ad89c59d96c4d223e7856824c_amd64, *, container-native-virtualization/virt-operator@sha256:c2daeb82867dd85031ec6bb2251f9ba7e6a3961ad89c59d96c4d223e7856824c_amd64 |
| Red Hat | container-native-virtualization/virt-api@sha256:8a8079e2bed79b5d18796db8ba44d56610b68544974e55c851b0116997b82414_amd64 as a component of CNV 4.12 for RHEL 8 | *, container-native-virtualization/virt-api@sha256:8a8079e2bed79b5d18796db8ba44d56610b68544974e55c851b0116997b82414_amd64, container-native-virtualization/virt-api@sha256:8a8079e2bed79b5d18796db8ba44d56610b68544974e55c851b0116997b82414_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:6337cb6e7978d8622f6948f81bd927ba97265baaedf3c527bf2b0bc9d33fd7af_amd64 as a component of CNV 4.12 for RHEL 8 | container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:6337cb6e7978d8622f6948f81bd927ba97265baaedf3c527bf2b0bc9d33fd7af_amd64, container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template@sha256:6337cb6e7978d8622f6948f81bd927ba97265baaedf3c527bf2b0bc9d33fd7af_amd64, * |
…and 67 more
Timeline
- Nov 1, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6248 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2178358 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6248.json advisory
- https://access.redhat.com/security/cve/CVE-2022-41723 advisory
- https://www.cve.org/CVERecord?id=CVE-2022-41723 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2022-41723 advisory
- https://github.com/advisories/GHSA-vvpx-j8f3-3w6h advisory
- https://go.dev/cl/468135 advisory
- https://go.dev/cl/468295 advisory
- https://go.dev/issue/57855 advisory
- https://groups.google.com/g/golang-announce/c/V0aBFqaFs_E advisory
- https://pkg.go.dev/vuln/GO-2023-1571 advisory
- https://vuln.go.dev/ID/GO-2023-1571.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
…and 9 more