RHSA-2023%3A6276
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-haproxy-router@sha256:494854b4b2d233c725383c0b017643858eef52af402f340f377ddfc32f7e4b98_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-haproxy-router@sha256:494854b4b2d233c725383c0b017643858eef52af402f340f377ddfc32f7e4b98_ppc64le, openshift4/ose-haproxy-router@sha256:494854b4b2d233c725383c0b017643858eef52af402f340f377ddfc32f7e4b98_ppc64le, * |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64, openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64, openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64 |
| Red Hat | openshift4/ose-csi-snapshot-controller-rhel8@sha256:2d7d6c049449a9df5da0c30875d1fee46fd11841a4e93a36513910886a8679cd_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-csi-snapshot-controller-rhel8@sha256:2d7d6c049449a9df5da0c30875d1fee46fd11841a4e93a36513910886a8679cd_arm64 |
| Red Hat | openshift4/ose-installer@sha256:ebcc86e37526474e4a65ad6f814418d6b027cb33b899e52452900d3e0f95be30_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-installer@sha256:ebcc86e37526474e4a65ad6f814418d6b027cb33b899e52452900d3e0f95be30_s390x |
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:e06c9909e0004000756e7903b8172d140fc7525ea40515d4db3a40d70c5f9c5a_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-livenessprobe@sha256:e06c9909e0004000756e7903b8172d140fc7525ea40515d4db3a40d70c5f9c5a_arm64, openshift4/ose-csi-livenessprobe@sha256:e06c9909e0004000756e7903b8172d140fc7525ea40515d4db3a40d70c5f9c5a_arm64, openshift4/ose-csi-livenessprobe@sha256:e06c9909e0004000756e7903b8172d140fc7525ea40515d4db3a40d70c5f9c5a_arm64 |
| Red Hat | openshift4/ose-cluster-etcd-rhel8-operator@sha256:44de63da1062ca1846d4ffd5581bd806768a32642b645cd545dbe9807d20fab0_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-etcd-rhel8-operator@sha256:44de63da1062ca1846d4ffd5581bd806768a32642b645cd545dbe9807d20fab0_s390x, *, * |
| Red Hat | openshift4/ose-openstack-machine-controllers@sha256:c7717cc854b96e8dfa456eddeb85aa9c2f60b5e2f576ad95e203596650ad2cb1_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-openstack-machine-controllers@sha256:c7717cc854b96e8dfa456eddeb85aa9c2f60b5e2f576ad95e203596650ad2cb1_amd64, openshift4/ose-openstack-machine-controllers@sha256:c7717cc854b96e8dfa456eddeb85aa9c2f60b5e2f576ad95e203596650ad2cb1_amd64 |
| Red Hat | openshift4/ose-hyperkube@sha256:6eada97ae38132092b95d149cbf66634785ae547732ddd891060a21a4571f8e1_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-hyperkube@sha256:6eada97ae38132092b95d149cbf66634785ae547732ddd891060a21a4571f8e1_amd64, openshift4/ose-hyperkube@sha256:6eada97ae38132092b95d149cbf66634785ae547732ddd891060a21a4571f8e1_amd64 |
| Red Hat | openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:b6ab890908a0a023ff8a42df61098460169d52b14992d59a21c52c6d83e5fd0d_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:b6ab890908a0a023ff8a42df61098460169d52b14992d59a21c52c6d83e5fd0d_s390x, *, openshift4/ose-cluster-csi-snapshot-controller-rhel8-operator@sha256:b6ab890908a0a023ff8a42df61098460169d52b14992d59a21c52c6d83e5fd0d_s390x |
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:920486a9d03e9fb2bf6fbfa1e77af43b2779fca47ef46dec80865a52a3abdfa9_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-livenessprobe@sha256:920486a9d03e9fb2bf6fbfa1e77af43b2779fca47ef46dec80865a52a3abdfa9_ppc64le, openshift4/ose-csi-livenessprobe@sha256:920486a9d03e9fb2bf6fbfa1e77af43b2779fca47ef46dec80865a52a3abdfa9_ppc64le, * |
| Red Hat | openshift4/ose-openstack-machine-controllers@sha256:6b8ce3b43ec036e35a619980aba873902bde0cbf71669a92232c274272481057_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-openstack-machine-controllers@sha256:6b8ce3b43ec036e35a619980aba873902bde0cbf71669a92232c274272481057_s390x, *, openshift4/ose-openstack-machine-controllers@sha256:6b8ce3b43ec036e35a619980aba873902bde0cbf71669a92232c274272481057_s390x |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:1044706153277a255c63fdce1dee28565f78162fef4ceecc3c75a71d0a584a14_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-attacher@sha256:1044706153277a255c63fdce1dee28565f78162fef4ceecc3c75a71d0a584a14_amd64, openshift4/ose-csi-external-attacher@sha256:1044706153277a255c63fdce1dee28565f78162fef4ceecc3c75a71d0a584a14_amd64, openshift4/ose-csi-external-attacher@sha256:1044706153277a255c63fdce1dee28565f78162fef4ceecc3c75a71d0a584a14_amd64 |
| Red Hat | openshift4/ose-csi-external-resizer@sha256:b2e0573fa027d9b8a66d166be08995a7bbd7582cd9a4f2da7fe9fe958976b64c_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-resizer@sha256:b2e0573fa027d9b8a66d166be08995a7bbd7582cd9a4f2da7fe9fe958976b64c_ppc64le, openshift4/ose-csi-external-resizer@sha256:b2e0573fa027d9b8a66d166be08995a7bbd7582cd9a4f2da7fe9fe958976b64c_ppc64le, openshift4/ose-csi-external-resizer@sha256:b2e0573fa027d9b8a66d166be08995a7bbd7582cd9a4f2da7fe9fe958976b64c_ppc64le |
| Red Hat | openshift4/ose-coredns@sha256:2ef9922696587b1c6608cc61872149468889dd47df211af034cd01ed74378837_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-coredns@sha256:2ef9922696587b1c6608cc61872149468889dd47df211af034cd01ed74378837_s390x, *, openshift4/ose-coredns@sha256:2ef9922696587b1c6608cc61872149468889dd47df211af034cd01ed74378837_s390x |
| Red Hat | openshift4/ose-csi-node-driver-registrar@sha256:28ee31b6bf12fcfd5ce780db30444c41fbe1af9fad449406c2fa3ef7b0dcda22_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-node-driver-registrar@sha256:28ee31b6bf12fcfd5ce780db30444c41fbe1af9fad449406c2fa3ef7b0dcda22_amd64, openshift4/ose-csi-node-driver-registrar@sha256:28ee31b6bf12fcfd5ce780db30444c41fbe1af9fad449406c2fa3ef7b0dcda22_amd64, * |
| Red Hat | openshift4/driver-toolkit-rhel8@sha256:b060f3241d092b830d03626d95b2b74d5f9b9ceda9a8a4b7ca4e897cc1d3acee_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/driver-toolkit-rhel8@sha256:b060f3241d092b830d03626d95b2b74d5f9b9ceda9a8a4b7ca4e897cc1d3acee_ppc64le, openshift4/driver-toolkit-rhel8@sha256:b060f3241d092b830d03626d95b2b74d5f9b9ceda9a8a4b7ca4e897cc1d3acee_ppc64le, openshift4/driver-toolkit-rhel8@sha256:b060f3241d092b830d03626d95b2b74d5f9b9ceda9a8a4b7ca4e897cc1d3acee_ppc64le |
| Red Hat | openshift4/ose-csi-external-resizer-rhel8@sha256:4de808ae1a82fb0861ae65faa300e54198fe571795ea9a1efd1b6c31591e1c28_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-resizer-rhel8@sha256:4de808ae1a82fb0861ae65faa300e54198fe571795ea9a1efd1b6c31591e1c28_s390x, openshift4/ose-csi-external-resizer-rhel8@sha256:4de808ae1a82fb0861ae65faa300e54198fe571795ea9a1efd1b6c31591e1c28_s390x, openshift4/ose-csi-external-resizer-rhel8@sha256:4de808ae1a82fb0861ae65faa300e54198fe571795ea9a1efd1b6c31591e1c28_s390x |
| Red Hat | openshift4/ose-csi-snapshot-controller-rhel8@sha256:2d7d6c049449a9df5da0c30875d1fee46fd11841a4e93a36513910886a8679cd_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-csi-snapshot-controller-rhel8@sha256:2d7d6c049449a9df5da0c30875d1fee46fd11841a4e93a36513910886a8679cd_arm64, openshift4/ose-csi-snapshot-controller-rhel8@sha256:2d7d6c049449a9df5da0c30875d1fee46fd11841a4e93a36513910886a8679cd_arm64 |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64, openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64, openshift4/ose-csi-external-attacher@sha256:a5cdd10c3e3d6e1bb4d0317d8957caf2fd4efcb8cafbc0d4bc4049ae1d3ff387_arm64 |
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:8f28411d79d8502e34bdade79ad18b121e89e98b3fb1940d97c99311b121fc63_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-livenessprobe@sha256:8f28411d79d8502e34bdade79ad18b121e89e98b3fb1940d97c99311b121fc63_amd64, openshift4/ose-csi-livenessprobe@sha256:8f28411d79d8502e34bdade79ad18b121e89e98b3fb1940d97c99311b121fc63_amd64, openshift4/ose-csi-livenessprobe@sha256:8f28411d79d8502e34bdade79ad18b121e89e98b3fb1940d97c99311b121fc63_amd64 |
…and 345 more
Timeline
- Nov 8, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6276 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-16362 advisory
- https://issues.redhat.com/browse/OCPBUGS-18645 advisory
- https://issues.redhat.com/browse/OCPBUGS-20019 advisory
- https://issues.redhat.com/browse/OCPBUGS-20100 advisory
- https://issues.redhat.com/browse/OCPBUGS-20127 advisory
- https://issues.redhat.com/browse/OCPBUGS-21837 advisory
- https://issues.redhat.com/browse/OCPBUGS-22198 advisory
- https://issues.redhat.com/browse/OCPBUGS-22235 advisory
- https://issues.redhat.com/browse/OCPBUGS-22432 advisory
- https://issues.redhat.com/browse/OCPBUGS-22435 advisory
- https://issues.redhat.com/browse/OCPBUGS-22480 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6276.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
…and 3 more