VDB

RHSA-2023%3A7469

RHSA-2023%3A7469 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatopenshift4/ptp-must-gather-rhel8@sha256:72c26f4e4c0ca5de067cc6a12bc4c12710161e53af1e738f7c1a75cb88e545fe_amd64 as a component of Red Hat OpenShift Container Platform 4.14*, *, openshift4/ptp-must-gather-rhel8@sha256:72c26f4e4c0ca5de067cc6a12bc4c12710161e53af1e738f7c1a75cb88e545fe_amd64
Red Hatopenshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64, openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64, openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64
Red Hatopenshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64, openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64, openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64
Red Hatopenshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le, openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le, openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le
Red Hatopenshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le
Red Hatopenshift4/ose-sriov-network-config-daemon@sha256:f9c6add4995289f35f26a8bdf420dce5176d0df7de75d827b17249e98743f807_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, *, openshift4/ose-sriov-network-config-daemon@sha256:f9c6add4995289f35f26a8bdf420dce5176d0df7de75d827b17249e98743f807_arm64
Red Hatopenshift4/ose-operator-sdk-rhel8@sha256:51c2adf66d8af344419069de0a324715a02ffeddcc958d97d104dac89f2d1989_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-operator-sdk-rhel8@sha256:51c2adf66d8af344419069de0a324715a02ffeddcc958d97d104dac89f2d1989_ppc64le, *, *
Red Hatopenshift4/ose-descheduler@sha256:f19489e85393a64ad4acebc796b27f76b1ed63ba5fdf3496f4aa984f0138ee94_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-descheduler@sha256:f19489e85393a64ad4acebc796b27f76b1ed63ba5fdf3496f4aa984f0138ee94_ppc64le, *, openshift4/ose-descheduler@sha256:f19489e85393a64ad4acebc796b27f76b1ed63ba5fdf3496f4aa984f0138ee94_ppc64le
Red Hatopenshift4/ose-local-storage-operator@sha256:2ded194ee5e44e2e88c3ee71df56b8eafa5488c8aee7834f5653e088de362834_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-local-storage-operator@sha256:2ded194ee5e44e2e88c3ee71df56b8eafa5488c8aee7834f5653e088de362834_s390x, *, openshift4/ose-local-storage-operator@sha256:2ded194ee5e44e2e88c3ee71df56b8eafa5488c8aee7834f5653e088de362834_s390x
Red Hatopenshift4/ingress-node-firewall-rhel9@sha256:6d0a65db44a056ce7be869e8fcfbe5308d5e0d3d73a00c0dde24c14584976590_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ingress-node-firewall-rhel9@sha256:6d0a65db44a056ce7be869e8fcfbe5308d5e0d3d73a00c0dde24c14584976590_ppc64le, *, *
Red Hatopenshift4/ose-cluster-kube-descheduler-operator@sha256:f650ae174a05f94fb0a740532af0818f3650d0313e11d4cf4c9c73ff6e1b7871_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cluster-kube-descheduler-operator@sha256:f650ae174a05f94fb0a740532af0818f3650d0313e11d4cf4c9c73ff6e1b7871_ppc64le, openshift4/ose-cluster-kube-descheduler-operator@sha256:f650ae174a05f94fb0a740532af0818f3650d0313e11d4cf4c9c73ff6e1b7871_ppc64le, *
Red Hatopenshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:e9dbf461f5ca3a902565e38eae2fe1c874652c94463549a716c764411ab1a0a4_ppc64le as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:e9dbf461f5ca3a902565e38eae2fe1c874652c94463549a716c764411ab1a0a4_ppc64le, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:e9dbf461f5ca3a902565e38eae2fe1c874652c94463549a716c764411ab1a0a4_ppc64le, *
Red Hatopenshift4/ose-cloud-event-proxy-rhel8@sha256:36bce6157732ae60f58b3aaa260112661d800c23820100b4a364f538e36f5a23_arm64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-cloud-event-proxy-rhel8@sha256:36bce6157732ae60f58b3aaa260112661d800c23820100b4a364f538e36f5a23_arm64, openshift4/ose-cloud-event-proxy-rhel8@sha256:36bce6157732ae60f58b3aaa260112661d800c23820100b4a364f538e36f5a23_arm64, *
Red Hatopenshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64
Red Hatopenshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64, openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64, openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64
Red Hatopenshift4/ose-local-storage-mustgather-rhel8@sha256:dd1e880d1201b6ab6414646796f4f60eeb943b6c25427d8d65b8d615e5cd41f9_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-local-storage-mustgather-rhel8@sha256:dd1e880d1201b6ab6414646796f4f60eeb943b6c25427d8d65b8d615e5cd41f9_s390x, openshift4/ose-local-storage-mustgather-rhel8@sha256:dd1e880d1201b6ab6414646796f4f60eeb943b6c25427d8d65b8d615e5cd41f9_s390x, *
Red Hatopenshift4/sriov-cni-rhel9@sha256:80918c5a90ee097dc96c5e4c33166d44e95573101fe1d533d1ac61558ad3ecf8_arm64 as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/sriov-cni-rhel9@sha256:80918c5a90ee097dc96c5e4c33166d44e95573101fe1d533d1ac61558ad3ecf8_arm64, openshift4/sriov-cni-rhel9@sha256:80918c5a90ee097dc96c5e4c33166d44e95573101fe1d533d1ac61558ad3ecf8_arm64
Red Hatopenshift4/kubernetes-nmstate-rhel9-operator@sha256:be9e646a80ac0804e4a2895f56930aa8851b13ad6a344ab42d7d09fdccb13f9b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14*, openshift4/kubernetes-nmstate-rhel9-operator@sha256:be9e646a80ac0804e4a2895f56930aa8851b13ad6a344ab42d7d09fdccb13f9b_ppc64le, openshift4/kubernetes-nmstate-rhel9-operator@sha256:be9e646a80ac0804e4a2895f56930aa8851b13ad6a344ab42d7d09fdccb13f9b_ppc64le
Red Hatopenshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:6a402c07ae23a8658ba93a83a3e8c5ae00f5ef90d41eca9d1a45ec5574ff733d_amd64 as a component of Red Hat OpenShift Container Platform 4.14openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:6a402c07ae23a8658ba93a83a3e8c5ae00f5ef90d41eca9d1a45ec5574ff733d_amd64, *, *
Red Hatopenshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x as a component of Red Hat OpenShift Container Platform 4.14openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x, openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x, openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x

…and 337 more

Timeline

  • Nov 29, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›