RHSA-2023%3A6272 — Vulnetix

RHSA-2023%3A6272 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1

7.5

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

…and 1205 more

Exploit Intelligence

HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc-repo)
Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc)
Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
Educational environment for LTAT.04.022 Homework 4. (github-poc)
TYuan0816/cve-2023-44487 (github-poc-repo)
sn130hk/CVE-2023-44487 (github-poc-repo)
RapidResetClient (github-poc-repo)
POC for CVE-2023-44487 (github-poc-repo)

…and 68 more exploits

Timeline

Nov 8, 2023 CVE Published
Apr 25, 2026 Distribution Patch
Apr 25, 2026 Distribution Patch
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
Apr 25, 2026 Security Advisory
May 21, 2026 CVE Updated

References

https://access.redhat.com/errata/RHSA-2023:6272 advisory
https://access.redhat.com/security/updates/classification/#important advisory
https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
https://issues.redhat.com/browse/OCPBUGS-19424 advisory
https://issues.redhat.com/browse/OCPBUGS-20292 advisory
https://issues.redhat.com/browse/OCPBUGS-20359 advisory
https://issues.redhat.com/browse/OCPBUGS-20486 advisory
https://issues.redhat.com/browse/OCPBUGS-22433 advisory
https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6272.json advisory
https://access.redhat.com/security/cve/CVE-2023-39325 advisory
https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
https://access.redhat.com/security/cve/CVE-2023-44487 advisory
https://go.dev/issue/63417 advisory
https://pkg.go.dev/vuln/GO-2023-2102 advisory
https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory

…and 3 more

Open in Interactive Console →

Vendor	Product	Versions
Red Hat	openshift4/driver-toolkit-rhel8@sha256:c198039813bf19c4e9e466115e4a5ba0e348f53a454c058d96acdbb6e10665e8_s390x as a component of Red Hat OpenShift Container Platform 4.11	openshift4/driver-toolkit-rhel8@sha256:c198039813bf19c4e9e466115e4a5ba0e348f53a454c058d96acdbb6e10665e8_s390x, openshift4/driver-toolkit-rhel8@sha256:c198039813bf19c4e9e466115e4a5ba0e348f53a454c058d96acdbb6e10665e8_s390x, openshift4/driver-toolkit-rhel8@sha256:c198039813bf19c4e9e466115e4a5ba0e348f53a454c058d96acdbb6e10665e8_s390x
Red Hat	openshift4/ose-oauth-server-rhel8@sha256:02abd083b9c3cb965b824cb50c3f7ed0e6d490ce4714545efcf3aab9b2c8f4d7_ppc64le as a component of Red Hat OpenShift Container Platform 4.11	*, openshift4/ose-oauth-server-rhel8@sha256:02abd083b9c3cb965b824cb50c3f7ed0e6d490ce4714545efcf3aab9b2c8f4d7_ppc64le, openshift4/ose-oauth-server-rhel8@sha256:02abd083b9c3cb965b824cb50c3f7ed0e6d490ce4714545efcf3aab9b2c8f4d7_ppc64le
Red Hat	openshift4/ose-csi-snapshot-controller-rhel8@sha256:a5cd9ad70ba8256931e79f85b5164524ceebd953c001b265d0b9521652f302fd_amd64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-csi-snapshot-controller-rhel8@sha256:a5cd9ad70ba8256931e79f85b5164524ceebd953c001b265d0b9521652f302fd_amd64, openshift4/ose-csi-snapshot-controller-rhel8@sha256:a5cd9ad70ba8256931e79f85b5164524ceebd953c001b265d0b9521652f302fd_amd64, openshift4/ose-csi-snapshot-controller-rhel8@sha256:a5cd9ad70ba8256931e79f85b5164524ceebd953c001b265d0b9521652f302fd_amd64
Red Hat	openshift4/ose-ovn-kubernetes@sha256:478707a2f0ffd68611e9cb24b13733b06deef6966c8475ad77814f0da8914d11_s390x as a component of Red Hat OpenShift Container Platform 4.11	, , openshift4/ose-ovn-kubernetes@sha256:478707a2f0ffd68611e9cb24b13733b06deef6966c8475ad77814f0da8914d11_s390x
Red Hat	openshift4/ose-csi-external-attacher@sha256:63750ca4603ff8908c211b52b1d174a0e6ee4c1cfa84889b9c1d9fe849ee9055_ppc64le as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-csi-external-attacher@sha256:63750ca4603ff8908c211b52b1d174a0e6ee4c1cfa84889b9c1d9fe849ee9055_ppc64le, *, openshift4/ose-csi-external-attacher@sha256:63750ca4603ff8908c211b52b1d174a0e6ee4c1cfa84889b9c1d9fe849ee9055_ppc64le
Red Hat	openshift4/ose-ovn-kubernetes@sha256:61ca3dc092b03d4e4f9b54704377c6422ae033163d72f9eed7033d544adf583d_ppc64le as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-ovn-kubernetes@sha256:61ca3dc092b03d4e4f9b54704377c6422ae033163d72f9eed7033d544adf583d_ppc64le, ,
Red Hat	openshift4/ose-sdn-rhel8@sha256:874b6c9f54151304602a75fe54ed8828a01ca9e0c5f32df097bcebe844bbc2c5_amd64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-sdn-rhel8@sha256:874b6c9f54151304602a75fe54ed8828a01ca9e0c5f32df097bcebe844bbc2c5_amd64, *, openshift4/ose-sdn-rhel8@sha256:874b6c9f54151304602a75fe54ed8828a01ca9e0c5f32df097bcebe844bbc2c5_amd64
Red Hat	openshift4/ose-azure-file-csi-driver-operator-rhel8@sha256:dfb04f651468e89423db280b798051cab62b8c79a47bb15a9876a46502813762_arm64 as a component of Red Hat OpenShift Container Platform 4.11	*, openshift4/ose-azure-file-csi-driver-operator-rhel8@sha256:dfb04f651468e89423db280b798051cab62b8c79a47bb15a9876a46502813762_arm64, openshift4/ose-azure-file-csi-driver-operator-rhel8@sha256:dfb04f651468e89423db280b798051cab62b8c79a47bb15a9876a46502813762_arm64
Red Hat	openshift4/ose-configmap-reloader@sha256:dab3fab2da67fc70f62d4bbdef2a6573e90c088a1bc8c6b1f257e8765350f0ea_arm64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-configmap-reloader@sha256:dab3fab2da67fc70f62d4bbdef2a6573e90c088a1bc8c6b1f257e8765350f0ea_arm64, openshift4/ose-configmap-reloader@sha256:dab3fab2da67fc70f62d4bbdef2a6573e90c088a1bc8c6b1f257e8765350f0ea_arm64, openshift4/ose-configmap-reloader@sha256:dab3fab2da67fc70f62d4bbdef2a6573e90c088a1bc8c6b1f257e8765350f0ea_arm64
Red Hat	openshift4/ose-multus-networkpolicy-rhel8@sha256:400633a9d2f854e1cd338f56a8800874495dc9022b6348506cce42433ef48121_s390x as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-multus-networkpolicy-rhel8@sha256:400633a9d2f854e1cd338f56a8800874495dc9022b6348506cce42433ef48121_s390x, *, openshift4/ose-multus-networkpolicy-rhel8@sha256:400633a9d2f854e1cd338f56a8800874495dc9022b6348506cce42433ef48121_s390x
Red Hat	openshift4/ose-agent-installer-node-agent-rhel8@sha256:4d1b32d4e9b3a2e99a9d08291fd4d83100f20d341f19f3b31a3fed1b0410729d_ppc64le as a component of Red Hat OpenShift Container Platform 4.11	, , *
Red Hat	openshift4/ose-kube-rbac-proxy@sha256:ab291018d614bcc2e2b0a91dc08789b54fc0cac80101aaa249a75a506ca6bba2_s390x as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-kube-rbac-proxy@sha256:ab291018d614bcc2e2b0a91dc08789b54fc0cac80101aaa249a75a506ca6bba2_s390x, openshift4/ose-kube-rbac-proxy@sha256:ab291018d614bcc2e2b0a91dc08789b54fc0cac80101aaa249a75a506ca6bba2_s390x, *
Red Hat	openshift4/ose-vsphere-cluster-api-controllers-rhel8@sha256:e21c5fd821adf3f668e9c1a38f749f6bf71602aad2d30f89972de89e4c987207_amd64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-vsphere-cluster-api-controllers-rhel8@sha256:e21c5fd821adf3f668e9c1a38f749f6bf71602aad2d30f89972de89e4c987207_amd64, openshift4/ose-vsphere-cluster-api-controllers-rhel8@sha256:e21c5fd821adf3f668e9c1a38f749f6bf71602aad2d30f89972de89e4c987207_amd64, openshift4/ose-vsphere-cluster-api-controllers-rhel8@sha256:e21c5fd821adf3f668e9c1a38f749f6bf71602aad2d30f89972de89e4c987207_amd64
Red Hat	openshift4/ose-openshift-controller-manager-rhel8@sha256:58a728d3108b1bbf89316a27a283e27f7d54919c15adec9028cd81bf1dd7127e_amd64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-openshift-controller-manager-rhel8@sha256:58a728d3108b1bbf89316a27a283e27f7d54919c15adec9028cd81bf1dd7127e_amd64, openshift4/ose-openshift-controller-manager-rhel8@sha256:58a728d3108b1bbf89316a27a283e27f7d54919c15adec9028cd81bf1dd7127e_amd64, openshift4/ose-openshift-controller-manager-rhel8@sha256:58a728d3108b1bbf89316a27a283e27f7d54919c15adec9028cd81bf1dd7127e_amd64
Red Hat	openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:b6b6d1685f38fb7db7ce1de0db1a98a5afe70f9898a44166806c9c3907937c36_s390x as a component of Red Hat OpenShift Container Platform 4.11	*, openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:b6b6d1685f38fb7db7ce1de0db1a98a5afe70f9898a44166806c9c3907937c36_s390x, openshift4/ose-openstack-cinder-csi-driver-rhel8@sha256:b6b6d1685f38fb7db7ce1de0db1a98a5afe70f9898a44166806c9c3907937c36_s390x
Red Hat	openshift4/ose-csi-driver-manila-rhel8-operator@sha256:0e906218ce7ce1e8f0dfeb2c0ad663bb485b09e35a039203af7c1e05006e7b8e_amd64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-csi-driver-manila-rhel8-operator@sha256:0e906218ce7ce1e8f0dfeb2c0ad663bb485b09e35a039203af7c1e05006e7b8e_amd64, openshift4/ose-csi-driver-manila-rhel8-operator@sha256:0e906218ce7ce1e8f0dfeb2c0ad663bb485b09e35a039203af7c1e05006e7b8e_amd64, *
Red Hat	openshift4/ose-cluster-ingress-operator@sha256:2fdba045927065b28e7f644768883e5184f98a5873e8ea74cb234d67c85748f2_s390x as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-cluster-ingress-operator@sha256:2fdba045927065b28e7f644768883e5184f98a5873e8ea74cb234d67c85748f2_s390x, openshift4/ose-cluster-ingress-operator@sha256:2fdba045927065b28e7f644768883e5184f98a5873e8ea74cb234d67c85748f2_s390x, openshift4/ose-cluster-ingress-operator@sha256:2fdba045927065b28e7f644768883e5184f98a5873e8ea74cb234d67c85748f2_s390x
Red Hat	openshift4/ose-etcd@sha256:490fe7aabd9fda7b4c40fa26a8fd8800ec376cdb5aeb88e29f1f45a4db2ca6ce_ppc64le as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-etcd@sha256:490fe7aabd9fda7b4c40fa26a8fd8800ec376cdb5aeb88e29f1f45a4db2ca6ce_ppc64le, openshift4/ose-etcd@sha256:490fe7aabd9fda7b4c40fa26a8fd8800ec376cdb5aeb88e29f1f45a4db2ca6ce_ppc64le, openshift4/ose-etcd@sha256:490fe7aabd9fda7b4c40fa26a8fd8800ec376cdb5aeb88e29f1f45a4db2ca6ce_ppc64le
Red Hat	openshift4/ose-cli-artifacts@sha256:96dc9a87125d233b608ed38e74d209334a22edaf152098b063fa11ca1fd8b323_amd64 as a component of Red Hat OpenShift Container Platform 4.11	*, openshift4/ose-cli-artifacts@sha256:96dc9a87125d233b608ed38e74d209334a22edaf152098b063fa11ca1fd8b323_amd64, openshift4/ose-cli-artifacts@sha256:96dc9a87125d233b608ed38e74d209334a22edaf152098b063fa11ca1fd8b323_amd64
Red Hat	openshift4/ose-csi-livenessprobe-rhel8@sha256:589f1014c64d7970a0b728e37f95f4172011c44cb8ec04744bc7cbd5a9848d8a_arm64 as a component of Red Hat OpenShift Container Platform 4.11	openshift4/ose-csi-livenessprobe-rhel8@sha256:589f1014c64d7970a0b728e37f95f4172011c44cb8ec04744bc7cbd5a9848d8a_arm64, openshift4/ose-csi-livenessprobe-rhel8@sha256:589f1014c64d7970a0b728e37f95f4172011c44cb8ec04744bc7cbd5a9848d8a_arm64, openshift4/ose-csi-livenessprobe-rhel8@sha256:589f1014c64d7970a0b728e37f95f4172011c44cb8ec04744bc7cbd5a9848d8a_arm64