VDB

RHSA-2023%3A6836

RHSA-2023%3A6836 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-cluster-kube-descheduler-operator@sha256:8626dc3e14019a3a725caabdd48a2093bf8eb77d611906740e8b632ebdee8bb1_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*, *, openshift4/ose-cluster-kube-descheduler-operator@sha256:8626dc3e14019a3a725caabdd48a2093bf8eb77d611906740e8b632ebdee8bb1_ppc64le
Red Hatopenshift4/ose-local-storage-diskmaker@sha256:95dcbca8e66386855535982a924da3193e4c0d4067eb7dd6faf8238a1559bce7_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-local-storage-diskmaker@sha256:95dcbca8e66386855535982a924da3193e4c0d4067eb7dd6faf8238a1559bce7_arm64, *, openshift4/ose-local-storage-diskmaker@sha256:95dcbca8e66386855535982a924da3193e4c0d4067eb7dd6faf8238a1559bce7_arm64
Red Hatopenshift4/ose-egress-dns-proxy@sha256:43e07a5d4da8403ed0263c31a0b837c7d1b4ab3270bf8411b5e5f46c46ddcec1_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-egress-dns-proxy@sha256:43e07a5d4da8403ed0263c31a0b837c7d1b4ab3270bf8411b5e5f46c46ddcec1_amd64, *, openshift4/ose-egress-dns-proxy@sha256:43e07a5d4da8403ed0263c31a0b837c7d1b4ab3270bf8411b5e5f46c46ddcec1_amd64
Red Hatopenshift4/ose-egress-http-proxy@sha256:ab11a583762aae8858f566e43e420a2c2062a02468ee8f6044b8aae10fa86ca5_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, *, openshift4/ose-egress-http-proxy@sha256:ab11a583762aae8858f566e43e420a2c2062a02468ee8f6044b8aae10fa86ca5_arm64
Red Hatopenshift-tech-preview/metallb-rhel8@sha256:e71bef803bd0f6c70bc364ab12b142d0d49ce235a03191ad90434fadfcec6492_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift-tech-preview/metallb-rhel8@sha256:e71bef803bd0f6c70bc364ab12b142d0d49ce235a03191ad90434fadfcec6492_amd64, *, openshift-tech-preview/metallb-rhel8@sha256:e71bef803bd0f6c70bc364ab12b142d0d49ce235a03191ad90434fadfcec6492_amd64
Red Hatopenshift4/ptp-must-gather-rhel8@sha256:22d36a1d85496bdbb0941488b31597cbb66920f4a4bf7234d82da2030be0dbe9_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ptp-must-gather-rhel8@sha256:22d36a1d85496bdbb0941488b31597cbb66920f4a4bf7234d82da2030be0dbe9_ppc64le, *, *
Red Hatopenshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:aa5014aacef767ab7dc963afce78089cea19015c7175a67cfdea42bbd3fdab25_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:aa5014aacef767ab7dc963afce78089cea19015c7175a67cfdea42bbd3fdab25_ppc64le, openshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:aa5014aacef767ab7dc963afce78089cea19015c7175a67cfdea42bbd3fdab25_ppc64le
Red Hatopenshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b522da40066a38358ae80ba851d33c8044d332cab5678ef6d73b6cfcbf97d091_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b522da40066a38358ae80ba851d33c8044d332cab5678ef6d73b6cfcbf97d091_s390x, *, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:b522da40066a38358ae80ba851d33c8044d332cab5678ef6d73b6cfcbf97d091_s390x
Red Hatopenshift4/frr-rhel9@sha256:c0cd52c58233244545c4552fd6406a95f84aee286bec95b84f4168fca2f8bb6b_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/frr-rhel9@sha256:c0cd52c58233244545c4552fd6406a95f84aee286bec95b84f4168fca2f8bb6b_arm64, openshift4/frr-rhel9@sha256:c0cd52c58233244545c4552fd6406a95f84aee286bec95b84f4168fca2f8bb6b_arm64
Red Hatopenshift4/ose-sriov-network-config-daemon@sha256:107ff7faf7a5ec8be028cc3cd7a97861b16052db17fbd1e65ef04cb47caef840_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-sriov-network-config-daemon@sha256:107ff7faf7a5ec8be028cc3cd7a97861b16052db17fbd1e65ef04cb47caef840_arm64, openshift4/ose-sriov-network-config-daemon@sha256:107ff7faf7a5ec8be028cc3cd7a97861b16052db17fbd1e65ef04cb47caef840_arm64
Red Hatopenshift4/ose-secrets-store-csi-mustgather-rhel8@sha256:bc86899f4cc73ea62314c07e7a8d89a24a95d7f46ce73df196717e5a9d78985c_amd64 as a component of Red Hat OpenShift Container Platform 4.14*, *, *
Red Hatopenshift4/ose-openshift-proxy-pull-test-rhel8@sha256:0a6ba836f37d836976b9b556e61a3032a9f69de5fec680f36b74a7dd08a9bc60_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*, *, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:0a6ba836f37d836976b9b556e61a3032a9f69de5fec680f36b74a7dd08a9bc60_ppc64le
Red Hatopenshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:0083db645ed823cde46239b53962b215c8399cb4d90c88819477be37caff244a_amd64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:0083db645ed823cde46239b53962b215c8399cb4d90c88819477be37caff244a_amd64, openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:0083db645ed823cde46239b53962b215c8399cb4d90c88819477be37caff244a_amd64
Red Hatopenshift4/ose-egress-http-proxy@sha256:bfef29aaf3e7e26bccbf580ff9707afcd29a9e2c55097a9d4a80d833de5cfb77_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-egress-http-proxy@sha256:bfef29aaf3e7e26bccbf580ff9707afcd29a9e2c55097a9d4a80d833de5cfb77_amd64, *, *
Red Hatopenshift4/ose-sriov-network-webhook@sha256:e99b7322d383c5650a6d4abfb29f352d6b03e3af850003a36d24c7e376ec9cb7_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-sriov-network-webhook@sha256:e99b7322d383c5650a6d4abfb29f352d6b03e3af850003a36d24c7e376ec9cb7_arm64, openshift4/ose-sriov-network-webhook@sha256:e99b7322d383c5650a6d4abfb29f352d6b03e3af850003a36d24c7e376ec9cb7_arm64, openshift4/ose-sriov-network-webhook@sha256:e99b7322d383c5650a6d4abfb29f352d6b03e3af850003a36d24c7e376ec9cb7_arm64
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:ced23c3517cf99f649b4f04597c83f21a2b1f4fca07cff4aa491de3f4dd84755_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:ced23c3517cf99f649b4f04597c83f21a2b1f4fca07cff4aa491de3f4dd84755_arm64, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:ced23c3517cf99f649b4f04597c83f21a2b1f4fca07cff4aa491de3f4dd84755_arm64, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:ced23c3517cf99f649b4f04597c83f21a2b1f4fca07cff4aa491de3f4dd84755_arm64
Red Hatopenshift4/ose-operator-sdk-rhel8@sha256:18a82f86d5e71a948adb10ce6060556a1462689b6e364adbe1130226efcc3a0e_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-operator-sdk-rhel8@sha256:18a82f86d5e71a948adb10ce6060556a1462689b6e364adbe1130226efcc3a0e_s390x, openshift4/ose-operator-sdk-rhel8@sha256:18a82f86d5e71a948adb10ce6060556a1462689b6e364adbe1130226efcc3a0e_s390x, openshift4/ose-operator-sdk-rhel8@sha256:18a82f86d5e71a948adb10ce6060556a1462689b6e364adbe1130226efcc3a0e_s390x
Red Hatopenshift4/ose-ansible-operator@sha256:57b0a07d7ef87f6e9416bf92c223d2847f4d40bec9c2cf970012a56975fd5fd5_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-ansible-operator@sha256:57b0a07d7ef87f6e9416bf92c223d2847f4d40bec9c2cf970012a56975fd5fd5_arm64, *, openshift4/ose-ansible-operator@sha256:57b0a07d7ef87f6e9416bf92c223d2847f4d40bec9c2cf970012a56975fd5fd5_arm64
Red Hatopenshift4/ose-sriov-network-operator@sha256:c7a82735ca99ff96f0c38da5704919558b0ef481cae0f040cdebc3b839aed5ca_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/ose-sriov-network-operator@sha256:c7a82735ca99ff96f0c38da5704919558b0ef481cae0f040cdebc3b839aed5ca_arm64, *
Red Hatopenshift4/kubernetes-nmstate-rhel9-operator@sha256:c1261865e7909fb968058ae01058ccf861d42e25a5635f5e72415b6efc189c77_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/kubernetes-nmstate-rhel9-operator@sha256:c1261865e7909fb968058ae01058ccf861d42e25a5635f5e72415b6efc189c77_amd64, openshift4/kubernetes-nmstate-rhel9-operator@sha256:c1261865e7909fb968058ae01058ccf861d42e25a5635f5e72415b6efc189c77_amd64, openshift4/kubernetes-nmstate-rhel9-operator@sha256:c1261865e7909fb968058ae01058ccf861d42e25a5635f5e72415b6efc189c77_amd64

…and 347 more

Timeline

  • Nov 15, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›