RHSA-2023%3A6788
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le, openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le, openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le |
| Red Hat | openshift-gitops-1/gitops-rhel8@sha256:0b883f8ba0c6a799f0f0100c1cd40ab61e3421e0b48407d0e99a9b20a076515c_arm64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/gitops-rhel8@sha256:0b883f8ba0c6a799f0f0100c1cd40ab61e3421e0b48407d0e99a9b20a076515c_arm64, *, * |
| Red Hat | openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64, openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64, * |
| Red Hat | openshift-gitops-1/kam-delivery-rhel8@sha256:781c83077c2ee1cfca7f6da18ff002b6a65a1e07c7e415704953cc6fbffbaea9_arm64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/kam-delivery-rhel8@sha256:781c83077c2ee1cfca7f6da18ff002b6a65a1e07c7e415704953cc6fbffbaea9_arm64, openshift-gitops-1/kam-delivery-rhel8@sha256:781c83077c2ee1cfca7f6da18ff002b6a65a1e07c7e415704953cc6fbffbaea9_arm64, * |
| Red Hat | openshift-gitops-1/console-plugin-rhel8@sha256:5d7864c8650af9841477efe7346613d096a4e23c2d12c624eea18371d2652c43_amd64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/console-plugin-rhel8@sha256:5d7864c8650af9841477efe7346613d096a4e23c2d12c624eea18371d2652c43_amd64, openshift-gitops-1/console-plugin-rhel8@sha256:5d7864c8650af9841477efe7346613d096a4e23c2d12c624eea18371d2652c43_amd64, openshift-gitops-1/console-plugin-rhel8@sha256:5d7864c8650af9841477efe7346613d096a4e23c2d12c624eea18371d2652c43_amd64 |
| Red Hat | openshift-gitops-1/gitops-rhel8-operator@sha256:527cb23f973543f90679bbb655c2a1324d3415cec0d3f2f81e5dd1e557168834_arm64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/gitops-rhel8-operator@sha256:527cb23f973543f90679bbb655c2a1324d3415cec0d3f2f81e5dd1e557168834_arm64, *, openshift-gitops-1/gitops-rhel8-operator@sha256:527cb23f973543f90679bbb655c2a1324d3415cec0d3f2f81e5dd1e557168834_arm64 |
| Red Hat | openshift-gitops-1/dex-rhel8@sha256:01a11a866efae4dc4c1a8701a926f1dbaed0d59b67016af42ce3b1583f76f61e_ppc64le as a component of Red Hat OpenShift GitOps 1.8 | *, openshift-gitops-1/dex-rhel8@sha256:01a11a866efae4dc4c1a8701a926f1dbaed0d59b67016af42ce3b1583f76f61e_ppc64le, openshift-gitops-1/dex-rhel8@sha256:01a11a866efae4dc4c1a8701a926f1dbaed0d59b67016af42ce3b1583f76f61e_ppc64le |
| Red Hat | openshift-gitops-1/kam-delivery-rhel8@sha256:0ea24b2bf85c4bdd083d155b6eb2de5e9e026e5d0de9b536c401137ab64d984a_s390x as a component of Red Hat OpenShift GitOps 1.8 | *, *, * |
| Red Hat | openshift-gitops-1/argocd-rhel8@sha256:fdf40063f9f02b0ed3843bc84d3cadf3375cad3c24b299adfbfc7bc054ca81d3_amd64 as a component of Red Hat OpenShift GitOps 1.8 | *, *, openshift-gitops-1/argocd-rhel8@sha256:fdf40063f9f02b0ed3843bc84d3cadf3375cad3c24b299adfbfc7bc054ca81d3_amd64 |
| Red Hat | openshift-gitops-1/kam-delivery-rhel8@sha256:49d3609e5f780d767722a60c3c18d62ab89aeccaf92b07e4c660dbe41058c616_amd64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/kam-delivery-rhel8@sha256:49d3609e5f780d767722a60c3c18d62ab89aeccaf92b07e4c660dbe41058c616_amd64, openshift-gitops-1/kam-delivery-rhel8@sha256:49d3609e5f780d767722a60c3c18d62ab89aeccaf92b07e4c660dbe41058c616_amd64, openshift-gitops-1/kam-delivery-rhel8@sha256:49d3609e5f780d767722a60c3c18d62ab89aeccaf92b07e4c660dbe41058c616_amd64 |
| Red Hat | openshift-gitops-1/console-plugin-rhel8@sha256:5dd600edbbe26c66a71346811343d087db759c236568b50588c8e2667dce07ef_ppc64le as a component of Red Hat OpenShift GitOps 1.8 | *, openshift-gitops-1/console-plugin-rhel8@sha256:5dd600edbbe26c66a71346811343d087db759c236568b50588c8e2667dce07ef_ppc64le, openshift-gitops-1/console-plugin-rhel8@sha256:5dd600edbbe26c66a71346811343d087db759c236568b50588c8e2667dce07ef_ppc64le |
| Red Hat | openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64, openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64, openshift-gitops-1/argocd-rhel8@sha256:fb09d1723d1a72831cbfc9e611ef5b50c2e0edb2ef90abac07eda8550f419cba_arm64 |
| Red Hat | openshift-gitops-1/gitops-operator-bundle@sha256:b2d58f4dc20eb7e17e09af0e8c5de55fa04f9f4f697e10c6be81a7a6a08381b2_amd64 as a component of Red Hat OpenShift GitOps 1.8 | *, *, openshift-gitops-1/gitops-operator-bundle@sha256:b2d58f4dc20eb7e17e09af0e8c5de55fa04f9f4f697e10c6be81a7a6a08381b2_amd64 |
| Red Hat | openshift-gitops-1/gitops-rhel8@sha256:dd595a3c6bc0103e93f9fd29c175950dbc1df005f36188ce23929e1da46999e4_amd64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/gitops-rhel8@sha256:dd595a3c6bc0103e93f9fd29c175950dbc1df005f36188ce23929e1da46999e4_amd64, openshift-gitops-1/gitops-rhel8@sha256:dd595a3c6bc0103e93f9fd29c175950dbc1df005f36188ce23929e1da46999e4_amd64, openshift-gitops-1/gitops-rhel8@sha256:dd595a3c6bc0103e93f9fd29c175950dbc1df005f36188ce23929e1da46999e4_amd64 |
| Red Hat | openshift-gitops-1/argocd-rhel8@sha256:0d080aed6b1ce572f52c35e144fdc7b4668d8c65ae8b98ad2237d993f60b054d_s390x as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/argocd-rhel8@sha256:0d080aed6b1ce572f52c35e144fdc7b4668d8c65ae8b98ad2237d993f60b054d_s390x, openshift-gitops-1/argocd-rhel8@sha256:0d080aed6b1ce572f52c35e144fdc7b4668d8c65ae8b98ad2237d993f60b054d_s390x, openshift-gitops-1/argocd-rhel8@sha256:0d080aed6b1ce572f52c35e144fdc7b4668d8c65ae8b98ad2237d993f60b054d_s390x |
| Red Hat | openshift-gitops-1/dex-rhel8@sha256:a2eab607bbafe95976fb45760d529eb43bd964981dac1cf75c2691a3d6f3d05a_arm64 as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/dex-rhel8@sha256:a2eab607bbafe95976fb45760d529eb43bd964981dac1cf75c2691a3d6f3d05a_arm64, openshift-gitops-1/dex-rhel8@sha256:a2eab607bbafe95976fb45760d529eb43bd964981dac1cf75c2691a3d6f3d05a_arm64, openshift-gitops-1/dex-rhel8@sha256:a2eab607bbafe95976fb45760d529eb43bd964981dac1cf75c2691a3d6f3d05a_arm64 |
| Red Hat | openshift-gitops-1/console-plugin-rhel8@sha256:371a942b555139688ccaff031e17a64a7951a122fb539aea766a6685fb6f09b2_s390x as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/console-plugin-rhel8@sha256:371a942b555139688ccaff031e17a64a7951a122fb539aea766a6685fb6f09b2_s390x, *, openshift-gitops-1/console-plugin-rhel8@sha256:371a942b555139688ccaff031e17a64a7951a122fb539aea766a6685fb6f09b2_s390x |
| Red Hat | openshift-gitops-1/dex-rhel8@sha256:8786a4bad9e5dafaefb4d9d6a82cb2cd1a5e33c5705da016a6dd678ed0bd3020_s390x as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/dex-rhel8@sha256:8786a4bad9e5dafaefb4d9d6a82cb2cd1a5e33c5705da016a6dd678ed0bd3020_s390x, *, * |
| Red Hat | openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le as a component of Red Hat OpenShift GitOps 1.8 | openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le, openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le, openshift-gitops-1/kam-delivery-rhel8@sha256:88a8aee36d303243ddb183c136d0f4d44da090b567db858fb74d5a73d35d78cd_ppc64le |
| Red Hat | openshift-gitops-1/console-plugin-rhel8@sha256:371a942b555139688ccaff031e17a64a7951a122fb539aea766a6685fb6f09b2_s390x as a component of Red Hat OpenShift GitOps 1.8 | *, openshift-gitops-1/console-plugin-rhel8@sha256:371a942b555139688ccaff031e17a64a7951a122fb539aea766a6685fb6f09b2_s390x, * |
…and 32 more
Timeline
- Nov 8, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:6788 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_6788.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit