VDB

RHSA-2023%3A6845

RHSA-2023%3A6845 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ose-cluster-nfd-operator@sha256:8742933c5127ae120dd61cb2aefb215c5dc98b0f4135fe202e34b517c26f857c_ppc64le as a component of Red Hat OpenShift Container Platform 4.13*, *, *
Red Hatopenshift4/ose-ansible-operator@sha256:f122363e1c60b22a9c0a0d4fc1957b36598b8b3f10c0ead4ed699bce91832af4_ppc64le as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-ansible-operator@sha256:f122363e1c60b22a9c0a0d4fc1957b36598b8b3f10c0ead4ed699bce91832af4_ppc64le, openshift4/ose-ansible-operator@sha256:f122363e1c60b22a9c0a0d4fc1957b36598b8b3f10c0ead4ed699bce91832af4_ppc64le, openshift4/ose-ansible-operator@sha256:f122363e1c60b22a9c0a0d4fc1957b36598b8b3f10c0ead4ed699bce91832af4_ppc64le
Red Hatopenshift4/ose-clusterresourceoverride-rhel8@sha256:7f9020ca588a68ebcd7401a99b7c374708644a925919cc8e271c76044c87761a_s390x as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-clusterresourceoverride-rhel8@sha256:7f9020ca588a68ebcd7401a99b7c374708644a925919cc8e271c76044c87761a_s390x, openshift4/ose-clusterresourceoverride-rhel8@sha256:7f9020ca588a68ebcd7401a99b7c374708644a925919cc8e271c76044c87761a_s390x, openshift4/ose-clusterresourceoverride-rhel8@sha256:7f9020ca588a68ebcd7401a99b7c374708644a925919cc8e271c76044c87761a_s390x
Red Hatopenshift4/ose-operator-sdk-rhel8@sha256:88e9993173cda8dfb8757dfb216b4090cdea33311a3feef615dd25f9379599c4_ppc64le as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-operator-sdk-rhel8@sha256:88e9993173cda8dfb8757dfb216b4090cdea33311a3feef615dd25f9379599c4_ppc64le, *, openshift4/ose-operator-sdk-rhel8@sha256:88e9993173cda8dfb8757dfb216b4090cdea33311a3feef615dd25f9379599c4_ppc64le
Red Hatopenshift4/ingress-node-firewall@sha256:d265847152236423397d5e79b1ba56a79b7c3cd20c039bc38af70418a1660567_s390x as a component of Red Hat OpenShift Container Platform 4.13openshift4/ingress-node-firewall@sha256:d265847152236423397d5e79b1ba56a79b7c3cd20c039bc38af70418a1660567_s390x, *, openshift4/ingress-node-firewall@sha256:d265847152236423397d5e79b1ba56a79b7c3cd20c039bc38af70418a1660567_s390x
Red Hatopenshift4/ose-cluster-capacity@sha256:6adad60471c189d0a4d0048738709bdb7f34f6929f5a614b2a0703ea242e3899_arm64 as a component of Red Hat OpenShift Container Platform 4.13*, openshift4/ose-cluster-capacity@sha256:6adad60471c189d0a4d0048738709bdb7f34f6929f5a614b2a0703ea242e3899_arm64, openshift4/ose-cluster-capacity@sha256:6adad60471c189d0a4d0048738709bdb7f34f6929f5a614b2a0703ea242e3899_arm64
Red Hatopenshift4/ose-local-storage-mustgather-rhel8@sha256:9f11e1f312dc0d60a4f6a9cf92cf421d6951cb67b8fbf0f557db34d22ea7bfde_amd64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-local-storage-mustgather-rhel8@sha256:9f11e1f312dc0d60a4f6a9cf92cf421d6951cb67b8fbf0f557db34d22ea7bfde_amd64, *, openshift4/ose-local-storage-mustgather-rhel8@sha256:9f11e1f312dc0d60a4f6a9cf92cf421d6951cb67b8fbf0f557db34d22ea7bfde_amd64
Red Hatopenshift4/ose-egress-dns-proxy@sha256:59afd1078f195983c2afb00fd93dc923b29bb8d8e46125d4f8a0c7f0a7e1ea8c_s390x as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-egress-dns-proxy@sha256:59afd1078f195983c2afb00fd93dc923b29bb8d8e46125d4f8a0c7f0a7e1ea8c_s390x, *, openshift4/ose-egress-dns-proxy@sha256:59afd1078f195983c2afb00fd93dc923b29bb8d8e46125d4f8a0c7f0a7e1ea8c_s390x
Red Hatopenshift-tech-preview/metallb-rhel8@sha256:b021b5d20373b8c9cc502b3bfce84515a8d191f6ca62bca2700b74edcbb06f42_arm64 as a component of Red Hat OpenShift Container Platform 4.13openshift-tech-preview/metallb-rhel8@sha256:b021b5d20373b8c9cc502b3bfce84515a8d191f6ca62bca2700b74edcbb06f42_arm64, openshift-tech-preview/metallb-rhel8@sha256:b021b5d20373b8c9cc502b3bfce84515a8d191f6ca62bca2700b74edcbb06f42_arm64, openshift-tech-preview/metallb-rhel8@sha256:b021b5d20373b8c9cc502b3bfce84515a8d191f6ca62bca2700b74edcbb06f42_arm64
Red Hatopenshift4/ose-descheduler@sha256:df6cabc045e77c2bc79b540d8491e8ff856ba7449c29514b32dd1abc371ac2c2_arm64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-descheduler@sha256:df6cabc045e77c2bc79b540d8491e8ff856ba7449c29514b32dd1abc371ac2c2_arm64, openshift4/ose-descheduler@sha256:df6cabc045e77c2bc79b540d8491e8ff856ba7449c29514b32dd1abc371ac2c2_arm64, openshift4/ose-descheduler@sha256:df6cabc045e77c2bc79b540d8491e8ff856ba7449c29514b32dd1abc371ac2c2_arm64
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b29e290c3eb43862d64e8ecf450d0210e0261db6f9227c303477d3d3aac3523e_ppc64le as a component of Red Hat OpenShift Container Platform 4.13*, openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b29e290c3eb43862d64e8ecf450d0210e0261db6f9227c303477d3d3aac3523e_ppc64le, openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:b29e290c3eb43862d64e8ecf450d0210e0261db6f9227c303477d3d3aac3523e_ppc64le
Red Hatopenshift4/ose-sriov-infiniband-cni@sha256:1a192b9293af53a67684223c57e3b96af498f2416821c89890c769dd1b2ac45b_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, *, *
Red Hatopenshift4/ose-cluster-kube-descheduler-operator@sha256:9721638f6569e14f8221c15d9a14b8f607831e4289ed6a13f95f0341a5fb9ffc_arm64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-cluster-kube-descheduler-operator@sha256:9721638f6569e14f8221c15d9a14b8f607831e4289ed6a13f95f0341a5fb9ffc_arm64, openshift4/ose-cluster-kube-descheduler-operator@sha256:9721638f6569e14f8221c15d9a14b8f607831e4289ed6a13f95f0341a5fb9ffc_arm64, openshift4/ose-cluster-kube-descheduler-operator@sha256:9721638f6569e14f8221c15d9a14b8f607831e4289ed6a13f95f0341a5fb9ffc_arm64
golanggo
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b48b5e524fba0041a936d034f80098fae304487429884eb2319e8d4c82135908_s390x as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b48b5e524fba0041a936d034f80098fae304487429884eb2319e8d4c82135908_s390x, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b48b5e524fba0041a936d034f80098fae304487429884eb2319e8d4c82135908_s390x, openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:b48b5e524fba0041a936d034f80098fae304487429884eb2319e8d4c82135908_s390x
Red Hatopenshift4/ose-sriov-infiniband-cni@sha256:10f5055d9b8c356bec785ad95f24b01a2c8f6549f224feff44e5a84cdd001650_arm64 as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-sriov-infiniband-cni@sha256:10f5055d9b8c356bec785ad95f24b01a2c8f6549f224feff44e5a84cdd001650_arm64, *, *
Red Hatopenshift4/ose-operator-sdk-rhel8@sha256:c27767bc4a1dde242b3d9aca4131cb103801c1efeb14f0a0de8c804a986ee5de_amd64 as a component of Red Hat OpenShift Container Platform 4.13*, openshift4/ose-operator-sdk-rhel8@sha256:c27767bc4a1dde242b3d9aca4131cb103801c1efeb14f0a0de8c804a986ee5de_amd64, openshift4/ose-operator-sdk-rhel8@sha256:c27767bc4a1dde242b3d9aca4131cb103801c1efeb14f0a0de8c804a986ee5de_amd64
Red Hatopenshift4/ose-egress-router@sha256:6cc2cf5e6cfb9277185eeef3f4d86174f3779b681dbef62a00d28e8a008c60d6_ppc64le as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-egress-router@sha256:6cc2cf5e6cfb9277185eeef3f4d86174f3779b681dbef62a00d28e8a008c60d6_ppc64le, openshift4/ose-egress-router@sha256:6cc2cf5e6cfb9277185eeef3f4d86174f3779b681dbef62a00d28e8a008c60d6_ppc64le, openshift4/ose-egress-router@sha256:6cc2cf5e6cfb9277185eeef3f4d86174f3779b681dbef62a00d28e8a008c60d6_ppc64le
Red Hatopenshift4/ose-descheduler@sha256:2f730bd96006644523494dfa9fa3829e0380ec7ca921ddae9d0c681dc196357c_s390x as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-descheduler@sha256:2f730bd96006644523494dfa9fa3829e0380ec7ca921ddae9d0c681dc196357c_s390x, openshift4/ose-descheduler@sha256:2f730bd96006644523494dfa9fa3829e0380ec7ca921ddae9d0c681dc196357c_s390x, *
Red Hatopenshift4/ose-local-storage-operator@sha256:69f4b200d10639b8a024820a5b5c05054450768ddbaf3d4f4b9a5f2f3dbcf0d7_s390x as a component of Red Hat OpenShift Container Platform 4.13openshift4/ose-local-storage-operator@sha256:69f4b200d10639b8a024820a5b5c05054450768ddbaf3d4f4b9a5f2f3dbcf0d7_s390x, openshift4/ose-local-storage-operator@sha256:69f4b200d10639b8a024820a5b5c05054450768ddbaf3d4f4b9a5f2f3dbcf0d7_s390x, *

…and 311 more

Timeline

  • Nov 15, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›