VDB

RHSA-2023%3A6784

RHSA-2023%3A6784 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatworkload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8workload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64, workload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64, workload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64
Red Hatworkload-availability/node-healthcheck-must-gather-rhel8@sha256:29aa40527f9d289cb41939db052a658a4fdd949006854a3bab5aa41fd783d28d_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8*, workload-availability/node-healthcheck-must-gather-rhel8@sha256:29aa40527f9d289cb41939db052a658a4fdd949006854a3bab5aa41fd783d28d_amd64, *
Red Hatworkload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8workload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64, workload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64, workload-availability/node-healthcheck-rhel8-operator@sha256:b0035ef85a042b920d1aa53e86d390b06066d3cf6bb85956a28fa4480c324658_amd64
Red Hatworkload-availability/node-healthcheck-operator-bundle@sha256:309ba89dece3ee9901ed66c40bd28d71f20c7d91a7feff552e28ea0c772b9178_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8workload-availability/node-healthcheck-operator-bundle@sha256:309ba89dece3ee9901ed66c40bd28d71f20c7d91a7feff552e28ea0c772b9178_amd64, *, workload-availability/node-healthcheck-operator-bundle@sha256:309ba89dece3ee9901ed66c40bd28d71f20c7d91a7feff552e28ea0c772b9178_amd64
Red Hatworkload-availability/node-healthcheck-operator-bundle@sha256:309ba89dece3ee9901ed66c40bd28d71f20c7d91a7feff552e28ea0c772b9178_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8workload-availability/node-healthcheck-operator-bundle@sha256:309ba89dece3ee9901ed66c40bd28d71f20c7d91a7feff552e28ea0c772b9178_amd64, *, workload-availability/node-healthcheck-operator-bundle@sha256:309ba89dece3ee9901ed66c40bd28d71f20c7d91a7feff552e28ea0c772b9178_amd64
Red Hatworkload-availability/node-healthcheck-must-gather-rhel8@sha256:29aa40527f9d289cb41939db052a658a4fdd949006854a3bab5aa41fd783d28d_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8*, *, workload-availability/node-healthcheck-must-gather-rhel8@sha256:29aa40527f9d289cb41939db052a658a4fdd949006854a3bab5aa41fd783d28d_amd64
Red Hatworkload-availability/node-remediation-console-rhel8@sha256:154ce9bd17e6809c283526ff0fb2e7f37da86e1703d13e18c741928850e67716_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8workload-availability/node-remediation-console-rhel8@sha256:154ce9bd17e6809c283526ff0fb2e7f37da86e1703d13e18c741928850e67716_amd64, workload-availability/node-remediation-console-rhel8@sha256:154ce9bd17e6809c283526ff0fb2e7f37da86e1703d13e18c741928850e67716_amd64, *
Red HatNode Health Check Operator
Red Hatworkload-availability/node-remediation-console-rhel8@sha256:154ce9bd17e6809c283526ff0fb2e7f37da86e1703d13e18c741928850e67716_amd64 as a component of Node Healthcheck Operator 0.6 for RHEL 8workload-availability/node-remediation-console-rhel8@sha256:154ce9bd17e6809c283526ff0fb2e7f37da86e1703d13e18c741928850e67716_amd64, workload-availability/node-remediation-console-rhel8@sha256:154ce9bd17e6809c283526ff0fb2e7f37da86e1703d13e18c741928850e67716_amd64, *

Timeline

  • Nov 8, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›