RHSA-2023%3A7215
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:818fc5474a2bea0400b6b022cca31f522ea05b58bfa57fca1f6cb20efeb140f7_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:818fc5474a2bea0400b6b022cca31f522ea05b58bfa57fca1f6cb20efeb140f7_amd64, *, openshift-service-mesh/pilot-rhel8@sha256:818fc5474a2bea0400b6b022cca31f522ea05b58bfa57fca1f6cb20efeb140f7_amd64 |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:818fc5474a2bea0400b6b022cca31f522ea05b58bfa57fca1f6cb20efeb140f7_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/pilot-rhel8@sha256:818fc5474a2bea0400b6b022cca31f522ea05b58bfa57fca1f6cb20efeb140f7_amd64, openshift-service-mesh/pilot-rhel8@sha256:818fc5474a2bea0400b6b022cca31f522ea05b58bfa57fca1f6cb20efeb140f7_amd64, * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:081d9b91f85a9fa135ddaf993b67ba01282205b5e87d31cffa1a9e659a430a61_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:081d9b91f85a9fa135ddaf993b67ba01282205b5e87d31cffa1a9e659a430a61_ppc64le, *, * |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:208a5000e943fb68e2c2cfea0ac6223fdc6a43363b19fb3ac3e6c19326afa464_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | *, *, * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:081d9b91f85a9fa135ddaf993b67ba01282205b5e87d31cffa1a9e659a430a61_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/kiali-rhel8@sha256:081d9b91f85a9fa135ddaf993b67ba01282205b5e87d31cffa1a9e659a430a61_ppc64le, *, * |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64, openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64, * |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:7834412d7ae6f8d1b4610a373245a675904f141534211e56657f47be68ff35a2_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:7834412d7ae6f8d1b4610a373245a675904f141534211e56657f47be68ff35a2_s390x, openshift-service-mesh/istio-must-gather-rhel8@sha256:7834412d7ae6f8d1b4610a373245a675904f141534211e56657f47be68ff35a2_s390x, openshift-service-mesh/istio-must-gather-rhel8@sha256:7834412d7ae6f8d1b4610a373245a675904f141534211e56657f47be68ff35a2_s390x |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:7cc28d4baf68ca0902d7dc44d9fc2a9ac626268fd4320d17caa3f22cc08618c1_s390x as a component of RHOSSM 2.2 for RHEL 8 | *, *, openshift-service-mesh/proxyv2-rhel8@sha256:7cc28d4baf68ca0902d7dc44d9fc2a9ac626268fd4320d17caa3f22cc08618c1_s390x |
| Red Hat | openshift-service-mesh/proxyv2-rhel8@sha256:4abe159e450801e062a3afceff661ab25dc57ea122ce58269b2f3566a55c8dc2_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/proxyv2-rhel8@sha256:4abe159e450801e062a3afceff661ab25dc57ea122ce58269b2f3566a55c8dc2_amd64, openshift-service-mesh/proxyv2-rhel8@sha256:4abe159e450801e062a3afceff661ab25dc57ea122ce58269b2f3566a55c8dc2_amd64, openshift-service-mesh/proxyv2-rhel8@sha256:4abe159e450801e062a3afceff661ab25dc57ea122ce58269b2f3566a55c8dc2_amd64 |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:dcfa0e73a89d2ad273720c209dd94fe3b652c5606d196d4962a2f662ed834612_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | *, openshift-service-mesh/grafana-rhel8@sha256:dcfa0e73a89d2ad273720c209dd94fe3b652c5606d196d4962a2f662ed834612_ppc64le, openshift-service-mesh/grafana-rhel8@sha256:dcfa0e73a89d2ad273720c209dd94fe3b652c5606d196d4962a2f662ed834612_ppc64le |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:3061637ecdeac036dc9171f5b079daa0a4a193589161e90920c681abb27c5ce3_ppc64le as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:3061637ecdeac036dc9171f5b079daa0a4a193589161e90920c681abb27c5ce3_ppc64le, *, * |
| Red Hat | openshift-service-mesh/ratelimit-rhel8@sha256:096bf95cdba671943bb9f7ec5f804201c1cf06607a164c7b76ef745c26c82d73_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/ratelimit-rhel8@sha256:096bf95cdba671943bb9f7ec5f804201c1cf06607a164c7b76ef745c26c82d73_s390x, openshift-service-mesh/ratelimit-rhel8@sha256:096bf95cdba671943bb9f7ec5f804201c1cf06607a164c7b76ef745c26c82d73_s390x, * |
| Red Hat | openshift-service-mesh/kiali-rhel8@sha256:b426bab535c9417d2ed4951153ef03c06d95060a3378f8621b5eb3436995aa8e_s390x as a component of RHOSSM 2.2 for RHEL 8 | *, openshift-service-mesh/kiali-rhel8@sha256:b426bab535c9417d2ed4951153ef03c06d95060a3378f8621b5eb3436995aa8e_s390x, openshift-service-mesh/kiali-rhel8@sha256:b426bab535c9417d2ed4951153ef03c06d95060a3378f8621b5eb3436995aa8e_s390x |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:a0f0fcdf2d1be20c4b483d338803b4f968ed6a51ee842bae3f2539aaea660b36_amd64 as a component of RHOSSM 2.2 for RHEL 8 | *, openshift-service-mesh/istio-cni-rhel8@sha256:a0f0fcdf2d1be20c4b483d338803b4f968ed6a51ee842bae3f2539aaea660b36_amd64, openshift-service-mesh/istio-cni-rhel8@sha256:a0f0fcdf2d1be20c4b483d338803b4f968ed6a51ee842bae3f2539aaea660b36_amd64 |
| Red Hat | openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64, openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64, openshift-service-mesh/istio-must-gather-rhel8@sha256:a3031870bd2199c28e754585b57363f953818bd20bf9ad04f5545e0eb4ae4793_amd64 |
| Red Hat | openshift-service-mesh/grafana-rhel8@sha256:2ac0267f703527a6af7cf822ac8dc33f8e27a8784c2091c6894ea9d4faeff290_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/grafana-rhel8@sha256:2ac0267f703527a6af7cf822ac8dc33f8e27a8784c2091c6894ea9d4faeff290_s390x, openshift-service-mesh/grafana-rhel8@sha256:2ac0267f703527a6af7cf822ac8dc33f8e27a8784c2091c6894ea9d4faeff290_s390x, openshift-service-mesh/grafana-rhel8@sha256:2ac0267f703527a6af7cf822ac8dc33f8e27a8784c2091c6894ea9d4faeff290_s390x |
| Red Hat | openshift-service-mesh/istio-cni-rhel8@sha256:fcc2034b3448c92e1ac6c3848def79942238733d4acf03ae2e5a2b84be0c6545_s390x as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/istio-cni-rhel8@sha256:fcc2034b3448c92e1ac6c3848def79942238733d4acf03ae2e5a2b84be0c6545_s390x, openshift-service-mesh/istio-cni-rhel8@sha256:fcc2034b3448c92e1ac6c3848def79942238733d4acf03ae2e5a2b84be0c6545_s390x, * |
| Red Hat | openshift-service-mesh/pilot-rhel8@sha256:b654048f91103418e1c503a9b45b9890c868892e746218fb26a6768a842a6310_s390x as a component of RHOSSM 2.2 for RHEL 8 | *, openshift-service-mesh/pilot-rhel8@sha256:b654048f91103418e1c503a9b45b9890c868892e746218fb26a6768a842a6310_s390x, * |
| Red Hat | openshift-service-mesh/prometheus-rhel8@sha256:dbcf658a5354b9b7d412826a77cfb0ce889c4704634f5d13325161021feff81e_amd64 as a component of RHOSSM 2.2 for RHEL 8 | openshift-service-mesh/prometheus-rhel8@sha256:dbcf658a5354b9b7d412826a77cfb0ce889c4704634f5d13325161021feff81e_amd64, openshift-service-mesh/prometheus-rhel8@sha256:dbcf658a5354b9b7d412826a77cfb0ce889c4704634f5d13325161021feff81e_amd64, openshift-service-mesh/prometheus-rhel8@sha256:dbcf658a5354b9b7d412826a77cfb0ce889c4704634f5d13325161021feff81e_amd64 |
…and 30 more
Timeline
- Nov 15, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7215 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7215.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit