VDB
RHSA-2023%3A6787
RHSA-2023%3A6787
PUBLISHED
CVSS 7.5 HIGH
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:f6be4953742e271e6507aa91a8ed976d7dfd68c3b9634382b18d47bb5d968ddf_s390x as a component of NETOBSERV 1.4 for RHEL 9 | *, *, * |
| Red Hat | network-observability/network-observability-operator-bundle@sha256:dc8f77f41b077986639b3f594f9e5eb3bf56dad90bed1927921f973c4171ba68_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | *, *, * |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:51049a42b3f3f75a2dc670f3fa026a1d68280664a0ef47c3ad2fdfdb97c25611_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:51049a42b3f3f75a2dc670f3fa026a1d68280664a0ef47c3ad2fdfdb97c25611_amd64, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:51049a42b3f3f75a2dc670f3fa026a1d68280664a0ef47c3ad2fdfdb97c25611_amd64, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:51049a42b3f3f75a2dc670f3fa026a1d68280664a0ef47c3ad2fdfdb97c25611_amd64 |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64, network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64, network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64 |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:a60a5f1b256d627d156d5b6554b0031380e62866a90963c7933ce87b21f83491_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | *, *, network-observability/network-observability-console-plugin-rhel9@sha256:a60a5f1b256d627d156d5b6554b0031380e62866a90963c7933ce87b21f83491_amd64 |
| Red Hat | network-observability/network-observability-operator-bundle@sha256:8e2171ae86ab9e78bf7827dd33cbdaaf5a4ff566da50bb7f659f613258712090_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-operator-bundle@sha256:8e2171ae86ab9e78bf7827dd33cbdaaf5a4ff566da50bb7f659f613258712090_ppc64le, network-observability/network-observability-operator-bundle@sha256:8e2171ae86ab9e78bf7827dd33cbdaaf5a4ff566da50bb7f659f613258712090_ppc64le, network-observability/network-observability-operator-bundle@sha256:8e2171ae86ab9e78bf7827dd33cbdaaf5a4ff566da50bb7f659f613258712090_ppc64le |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:2b99cf0df552ca77d35e8fd8e2e6c81938369c59241697f6220c40df27b9cd54_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-rhel9-operator@sha256:2b99cf0df552ca77d35e8fd8e2e6c81938369c59241697f6220c40df27b9cd54_amd64, *, network-observability/network-observability-rhel9-operator@sha256:2b99cf0df552ca77d35e8fd8e2e6c81938369c59241697f6220c40df27b9cd54_amd64 |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:26c5d2dc469ae8688abb5b87041f00d342a8542e810b1828af29781faef300a4_s390x as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:26c5d2dc469ae8688abb5b87041f00d342a8542e810b1828af29781faef300a4_s390x, *, * |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:63c6d967f4c2ec9a5047be4c5e02676d80243dbc3cc6bad508e6b3162a631be9_s390x as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-ebpf-agent-rhel9@sha256:63c6d967f4c2ec9a5047be4c5e02676d80243dbc3cc6bad508e6b3162a631be9_s390x, *, network-observability/network-observability-ebpf-agent-rhel9@sha256:63c6d967f4c2ec9a5047be4c5e02676d80243dbc3cc6bad508e6b3162a631be9_s390x |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6620a766d61fc0395a2557fc0920f54a151d605dc932ca26fe78cfe0193c9c1c_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6620a766d61fc0395a2557fc0920f54a151d605dc932ca26fe78cfe0193c9c1c_ppc64le, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6620a766d61fc0395a2557fc0920f54a151d605dc932ca26fe78cfe0193c9c1c_ppc64le |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:83858e6e99d9669b5a8766aac010ca50df6df056496367f501d8268de5d4df82_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:83858e6e99d9669b5a8766aac010ca50df6df056496367f501d8268de5d4df82_arm64, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:83858e6e99d9669b5a8766aac010ca50df6df056496367f501d8268de5d4df82_arm64, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:83858e6e99d9669b5a8766aac010ca50df6df056496367f501d8268de5d4df82_arm64 |
| Red Hat | network-observability/network-observability-operator-bundle@sha256:cfc16fa970403528771979f8e509660918c32d1532ae419824cc81348cee4132_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-operator-bundle@sha256:cfc16fa970403528771979f8e509660918c32d1532ae419824cc81348cee4132_arm64, network-observability/network-observability-operator-bundle@sha256:cfc16fa970403528771979f8e509660918c32d1532ae419824cc81348cee4132_arm64, network-observability/network-observability-operator-bundle@sha256:cfc16fa970403528771979f8e509660918c32d1532ae419824cc81348cee4132_arm64 |
| Red Hat | network-observability/network-observability-console-plugin-rhel9@sha256:ee3f049527626d646f81d0a16d1911f0efe71c9286ae657429c9f0f6c6c505e3_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-console-plugin-rhel9@sha256:ee3f049527626d646f81d0a16d1911f0efe71c9286ae657429c9f0f6c6c505e3_ppc64le, network-observability/network-observability-console-plugin-rhel9@sha256:ee3f049527626d646f81d0a16d1911f0efe71c9286ae657429c9f0f6c6c505e3_ppc64le |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:d5a86121d054b9ea8a7b7ccead3a42d4b9e5c17929e188b8bd780517ceb7d96e_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-ebpf-agent-rhel9@sha256:d5a86121d054b9ea8a7b7ccead3a42d4b9e5c17929e188b8bd780517ceb7d96e_arm64, * |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64, network-observability/network-observability-rhel9-operator@sha256:4c49b198ec1c97aeec39dd445b30e96af12f43a74166da53a63c11617c69a0b9_arm64 |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:63f7b3fe3fde774f8b8b76b8eb17b3c62220bf3270320349942ab042518e1515_s390x as a component of NETOBSERV 1.4 for RHEL 9 | *, network-observability/network-observability-rhel9-operator@sha256:63f7b3fe3fde774f8b8b76b8eb17b3c62220bf3270320349942ab042518e1515_s390x, network-observability/network-observability-rhel9-operator@sha256:63f7b3fe3fde774f8b8b76b8eb17b3c62220bf3270320349942ab042518e1515_s390x |
| Red Hat | network-observability/network-observability-rhel9-operator@sha256:2b99cf0df552ca77d35e8fd8e2e6c81938369c59241697f6220c40df27b9cd54_amd64 as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-rhel9-operator@sha256:2b99cf0df552ca77d35e8fd8e2e6c81938369c59241697f6220c40df27b9cd54_amd64, *, * |
| Red Hat | network-observability/network-observability-ebpf-agent-rhel9@sha256:8ac8ae32fae59ae22688a6772eb77245b24b6dbe55fc309bd31395b006cbdfad_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | *, *, network-observability/network-observability-ebpf-agent-rhel9@sha256:8ac8ae32fae59ae22688a6772eb77245b24b6dbe55fc309bd31395b006cbdfad_ppc64le |
| Red Hat | network-observability/network-observability-operator-bundle@sha256:cfc16fa970403528771979f8e509660918c32d1532ae419824cc81348cee4132_arm64 as a component of NETOBSERV 1.4 for RHEL 9 | *, *, * |
| Red Hat | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6620a766d61fc0395a2557fc0920f54a151d605dc932ca26fe78cfe0193c9c1c_ppc64le as a component of NETOBSERV 1.4 for RHEL 9 | network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6620a766d61fc0395a2557fc0920f54a151d605dc932ca26fe78cfe0193c9c1c_ppc64le, *, network-observability/network-observability-flowlogs-pipeline-rhel9@sha256:6620a766d61fc0395a2557fc0920f54a151d605dc932ca26fe78cfe0193c9c1c_ppc64le |
…and 21 more
Exploit Intelligence
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc-repo)
- HTTP/2 attack simulation & defense lab - Slowloris, Rapid Reset (CVE-2023-44487), HPACK Bomb attacks with 5 layered defenses. Built in pure Python with raw sockets and h2 library. (github-poc)
- Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc-repo)
- Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc)
- Educational environment for LTAT.04.022 Homework 4. (github-poc-repo)
- Educational environment for LTAT.04.022 Homework 4. (github-poc)
- TYuan0816/cve-2023-44487 (github-poc-repo)
- sn130hk/CVE-2023-44487 (github-poc-repo)
- RapidResetClient (github-poc-repo)
- POC for CVE-2023-44487 (github-poc-repo)
…and 69 more exploits
Timeline
- Nov 8, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6787 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6787.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit