RHSA-2023%3A7322
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/metallb-rhel8@sha256:6acba95a5dea48416d07d11afcdc7192b209d157d913859fadf8e186e695b013_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/metallb-rhel8@sha256:6acba95a5dea48416d07d11afcdc7192b209d157d913859fadf8e186e695b013_amd64, openshift4/metallb-rhel8@sha256:6acba95a5dea48416d07d11afcdc7192b209d157d913859fadf8e186e695b013_amd64, openshift4/metallb-rhel8@sha256:6acba95a5dea48416d07d11afcdc7192b209d157d913859fadf8e186e695b013_amd64 |
| Red Hat | openshift4/ose-sriov-network-operator@sha256:4ceb027c4daf242557913dd78e834bff8fc94758b90b49115731556045175891_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-sriov-network-operator@sha256:4ceb027c4daf242557913dd78e834bff8fc94758b90b49115731556045175891_ppc64le, openshift4/ose-sriov-network-operator@sha256:4ceb027c4daf242557913dd78e834bff8fc94758b90b49115731556045175891_ppc64le, openshift4/ose-sriov-network-operator@sha256:4ceb027c4daf242557913dd78e834bff8fc94758b90b49115731556045175891_ppc64le |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:df057b6104c7d8661f38f066f1ef7bce584d8fd3a76e81c401a09d1bf3acb5f4_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-local-storage-mustgather-rhel8@sha256:df057b6104c7d8661f38f066f1ef7bce584d8fd3a76e81c401a09d1bf3acb5f4_amd64, openshift4/ose-local-storage-mustgather-rhel8@sha256:df057b6104c7d8661f38f066f1ef7bce584d8fd3a76e81c401a09d1bf3acb5f4_amd64 |
| Red Hat | openshift4/ose-sriov-network-config-daemon@sha256:72633a314ed82d2d2dce061cdb87122d275e5f158282991b7a552a10e3b1494d_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-sriov-network-config-daemon@sha256:72633a314ed82d2d2dce061cdb87122d275e5f158282991b7a552a10e3b1494d_amd64, openshift4/ose-sriov-network-config-daemon@sha256:72633a314ed82d2d2dce061cdb87122d275e5f158282991b7a552a10e3b1494d_amd64, openshift4/ose-sriov-network-config-daemon@sha256:72633a314ed82d2d2dce061cdb87122d275e5f158282991b7a552a10e3b1494d_amd64 |
| Red Hat | openshift4/ose-sriov-network-operator@sha256:320b6942c4305191c05f123eff193f01f46b3b3cb2cd8e3ca02d6d8396d5acbf_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-sriov-network-operator@sha256:320b6942c4305191c05f123eff193f01f46b3b3cb2cd8e3ca02d6d8396d5acbf_arm64, openshift4/ose-sriov-network-operator@sha256:320b6942c4305191c05f123eff193f01f46b3b3cb2cd8e3ca02d6d8396d5acbf_arm64, openshift4/ose-sriov-network-operator@sha256:320b6942c4305191c05f123eff193f01f46b3b3cb2cd8e3ca02d6d8396d5acbf_arm64 |
| Red Hat | openshift4/ose-kubernetes-nmstate-handler-rhel8@sha256:ee8acbab7313ae982042dd0b6ff405cced1dad73d817d3c7aa05d234a28d654b_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-descheduler@sha256:06947c1738c1fcdc07f4dae898b26f84ea630a0643f41bd912807133a7b327bb_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-descheduler@sha256:06947c1738c1fcdc07f4dae898b26f84ea630a0643f41bd912807133a7b327bb_arm64, openshift4/ose-descheduler@sha256:06947c1738c1fcdc07f4dae898b26f84ea630a0643f41bd912807133a7b327bb_arm64, openshift4/ose-descheduler@sha256:06947c1738c1fcdc07f4dae898b26f84ea630a0643f41bd912807133a7b327bb_arm64 |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:5e869b3ffce746f0a105bd093af581e57d05ce36b549f787e5f6dd42147acc84_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-local-storage-mustgather-rhel8@sha256:5e869b3ffce746f0a105bd093af581e57d05ce36b549f787e5f6dd42147acc84_s390x, openshift4/ose-local-storage-mustgather-rhel8@sha256:5e869b3ffce746f0a105bd093af581e57d05ce36b549f787e5f6dd42147acc84_s390x |
| Red Hat | openshift4/metallb-rhel8-operator@sha256:2a6f2a343654c1688a5e290e09fbfca6c32a88965f9501c87e002fa2a16647b3_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/metallb-rhel8-operator@sha256:2a6f2a343654c1688a5e290e09fbfca6c32a88965f9501c87e002fa2a16647b3_s390x, openshift4/metallb-rhel8-operator@sha256:2a6f2a343654c1688a5e290e09fbfca6c32a88965f9501c87e002fa2a16647b3_s390x |
| Red Hat | openshift4/ose-cluster-capacity@sha256:5806546eeada374b855e90f355e70ec05c120226f9b7cd504668fd1296d89c8c_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-cluster-capacity@sha256:5806546eeada374b855e90f355e70ec05c120226f9b7cd504668fd1296d89c8c_s390x |
| Red Hat | openshift4/kubernetes-nmstate-rhel8-operator@sha256:e152b38a59e390b1e0193b35b233aff8e743b59d3eac2f2bf922d4b30baf0938_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/kubernetes-nmstate-rhel8-operator@sha256:e152b38a59e390b1e0193b35b233aff8e743b59d3eac2f2bf922d4b30baf0938_ppc64le, openshift4/kubernetes-nmstate-rhel8-operator@sha256:e152b38a59e390b1e0193b35b233aff8e743b59d3eac2f2bf922d4b30baf0938_ppc64le, openshift4/kubernetes-nmstate-rhel8-operator@sha256:e152b38a59e390b1e0193b35b233aff8e743b59d3eac2f2bf922d4b30baf0938_ppc64le |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:5e869b3ffce746f0a105bd093af581e57d05ce36b549f787e5f6dd42147acc84_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-local-storage-mustgather-rhel8@sha256:5e869b3ffce746f0a105bd093af581e57d05ce36b549f787e5f6dd42147acc84_s390x |
| Red Hat | openshift-tech-preview/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift-tech-preview/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64, openshift-tech-preview/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64, openshift-tech-preview/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64 |
| Red Hat | openshift4/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64, openshift4/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64, openshift4/metallb-rhel8@sha256:ed25204222dd47179b2f539cfe32b3e4b3593a1de1cfde7cf3788cf026c37ba6_arm64 |
| Red Hat | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:81978c017694e2bdb66e996ce8bf2c65a2167c382f97420f52e5e0068929f818_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:81978c017694e2bdb66e996ce8bf2c65a2167c382f97420f52e5e0068929f818_ppc64le, *, openshift4/ose-cluster-kube-descheduler-rhel8-operator@sha256:81978c017694e2bdb66e996ce8bf2c65a2167c382f97420f52e5e0068929f818_ppc64le |
| Red Hat | openshift4/ose-sriov-network-config-daemon@sha256:7d168f9741ed9e3092885dce3726f6fc25854ddcd04b6de59cb8312a0ce0693f_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-sriov-network-config-daemon@sha256:7d168f9741ed9e3092885dce3726f6fc25854ddcd04b6de59cb8312a0ce0693f_arm64 |
| Red Hat | openshift4/metallb-rhel8@sha256:0afa8ab414fc3bcfc9f4df354d98433b750d04479c98555ca2d06b1b34d2c00c_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/metallb-rhel8@sha256:0afa8ab414fc3bcfc9f4df354d98433b750d04479c98555ca2d06b1b34d2c00c_ppc64le, * |
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:9447c3842319472d549dd8779b4d8adc29fb03f2f3ad38da64210e10d9349d78_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ptp-must-gather-rhel8@sha256:9447c3842319472d549dd8779b4d8adc29fb03f2f3ad38da64210e10d9349d78_ppc64le, *, openshift4/ptp-must-gather-rhel8@sha256:9447c3842319472d549dd8779b4d8adc29fb03f2f3ad38da64210e10d9349d78_ppc64le |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:df057b6104c7d8661f38f066f1ef7bce584d8fd3a76e81c401a09d1bf3acb5f4_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-local-storage-mustgather-rhel8@sha256:df057b6104c7d8661f38f066f1ef7bce584d8fd3a76e81c401a09d1bf3acb5f4_amd64, openshift4/ose-local-storage-mustgather-rhel8@sha256:df057b6104c7d8661f38f066f1ef7bce584d8fd3a76e81c401a09d1bf3acb5f4_amd64 |
| Red Hat | openshift4/ose-descheduler@sha256:69eb28fa3fa95a407a22991b4c94a89e26a5049318f863419f4aa8c2dcbe493b_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-descheduler@sha256:69eb28fa3fa95a407a22991b4c94a89e26a5049318f863419f4aa8c2dcbe493b_s390x, openshift4/ose-descheduler@sha256:69eb28fa3fa95a407a22991b4c94a89e26a5049318f863419f4aa8c2dcbe493b_s390x |
…and 99 more
Timeline
- Nov 21, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7322 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-22905 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7322.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory