RHSA-2023%3A7469
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ptp-must-gather-rhel8@sha256:72c26f4e4c0ca5de067cc6a12bc4c12710161e53af1e738f7c1a75cb88e545fe_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ptp-must-gather-rhel8@sha256:72c26f4e4c0ca5de067cc6a12bc4c12710161e53af1e738f7c1a75cb88e545fe_amd64 |
| Red Hat | openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64, openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64, openshift4/kubernetes-nmstate-rhel9-operator@sha256:dd08196cbbde1f8a8c597541764fcc4091468214bf020d1eee1e6fc0d4306cf4_arm64 |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64, openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64, openshift4/ose-egress-dns-proxy@sha256:2927f848d8fb08e7ab4a901632e514a6d0466d3f0b14bbfa992e93c5f805cfa1_arm64 |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le, openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le, openshift4/ose-gcp-filestore-csi-driver-rhel8@sha256:bbe3cddd667a620024d2e945679043157d65a37e1f93054dd379c174ffb7020b_ppc64le |
| Red Hat | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:9a5975b4fcc68ba8963b8b4dc297974d2a3f0c721c98a0a321148f569ce5782c_ppc64le |
| Red Hat | openshift4/ose-sriov-network-config-daemon@sha256:f9c6add4995289f35f26a8bdf420dce5176d0df7de75d827b17249e98743f807_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-sriov-network-config-daemon@sha256:f9c6add4995289f35f26a8bdf420dce5176d0df7de75d827b17249e98743f807_arm64 |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:51c2adf66d8af344419069de0a324715a02ffeddcc958d97d104dac89f2d1989_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-operator-sdk-rhel8@sha256:51c2adf66d8af344419069de0a324715a02ffeddcc958d97d104dac89f2d1989_ppc64le, *, * |
| Red Hat | openshift4/ose-descheduler@sha256:f19489e85393a64ad4acebc796b27f76b1ed63ba5fdf3496f4aa984f0138ee94_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-descheduler@sha256:f19489e85393a64ad4acebc796b27f76b1ed63ba5fdf3496f4aa984f0138ee94_ppc64le, *, openshift4/ose-descheduler@sha256:f19489e85393a64ad4acebc796b27f76b1ed63ba5fdf3496f4aa984f0138ee94_ppc64le |
| Red Hat | openshift4/ose-local-storage-operator@sha256:2ded194ee5e44e2e88c3ee71df56b8eafa5488c8aee7834f5653e088de362834_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-local-storage-operator@sha256:2ded194ee5e44e2e88c3ee71df56b8eafa5488c8aee7834f5653e088de362834_s390x, *, openshift4/ose-local-storage-operator@sha256:2ded194ee5e44e2e88c3ee71df56b8eafa5488c8aee7834f5653e088de362834_s390x |
| Red Hat | openshift4/ingress-node-firewall-rhel9@sha256:6d0a65db44a056ce7be869e8fcfbe5308d5e0d3d73a00c0dde24c14584976590_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ingress-node-firewall-rhel9@sha256:6d0a65db44a056ce7be869e8fcfbe5308d5e0d3d73a00c0dde24c14584976590_ppc64le, *, * |
| Red Hat | openshift4/ose-cluster-kube-descheduler-operator@sha256:f650ae174a05f94fb0a740532af0818f3650d0313e11d4cf4c9c73ff6e1b7871_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-cluster-kube-descheduler-operator@sha256:f650ae174a05f94fb0a740532af0818f3650d0313e11d4cf4c9c73ff6e1b7871_ppc64le, openshift4/ose-cluster-kube-descheduler-operator@sha256:f650ae174a05f94fb0a740532af0818f3650d0313e11d4cf4c9c73ff6e1b7871_ppc64le, * |
| Red Hat | openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:e9dbf461f5ca3a902565e38eae2fe1c874652c94463549a716c764411ab1a0a4_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:e9dbf461f5ca3a902565e38eae2fe1c874652c94463549a716c764411ab1a0a4_ppc64le, openshift4/ose-kubernetes-nmstate-handler-rhel9@sha256:e9dbf461f5ca3a902565e38eae2fe1c874652c94463549a716c764411ab1a0a4_ppc64le, * |
| Red Hat | openshift4/ose-cloud-event-proxy-rhel8@sha256:36bce6157732ae60f58b3aaa260112661d800c23820100b4a364f538e36f5a23_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-cloud-event-proxy-rhel8@sha256:36bce6157732ae60f58b3aaa260112661d800c23820100b4a364f538e36f5a23_arm64, openshift4/ose-cloud-event-proxy-rhel8@sha256:36bce6157732ae60f58b3aaa260112661d800c23820100b4a364f538e36f5a23_arm64, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:3d7bed8037410e3ebf35379d59e1addae825738aa27c2ea079e839578a9db7ce_amd64 |
| Red Hat | openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64, openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64, openshift4/ose-node-problem-detector-rhel8@sha256:2e086c70349dfeb19a50aafb79fc6c0beee5131269eb7dbc1a37b3ab532db95a_amd64 |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:dd1e880d1201b6ab6414646796f4f60eeb943b6c25427d8d65b8d615e5cd41f9_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-local-storage-mustgather-rhel8@sha256:dd1e880d1201b6ab6414646796f4f60eeb943b6c25427d8d65b8d615e5cd41f9_s390x, openshift4/ose-local-storage-mustgather-rhel8@sha256:dd1e880d1201b6ab6414646796f4f60eeb943b6c25427d8d65b8d615e5cd41f9_s390x, * |
| Red Hat | openshift4/sriov-cni-rhel9@sha256:80918c5a90ee097dc96c5e4c33166d44e95573101fe1d533d1ac61558ad3ecf8_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/sriov-cni-rhel9@sha256:80918c5a90ee097dc96c5e4c33166d44e95573101fe1d533d1ac61558ad3ecf8_arm64, openshift4/sriov-cni-rhel9@sha256:80918c5a90ee097dc96c5e4c33166d44e95573101fe1d533d1ac61558ad3ecf8_arm64 |
| Red Hat | openshift4/kubernetes-nmstate-rhel9-operator@sha256:be9e646a80ac0804e4a2895f56930aa8851b13ad6a344ab42d7d09fdccb13f9b_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/kubernetes-nmstate-rhel9-operator@sha256:be9e646a80ac0804e4a2895f56930aa8851b13ad6a344ab42d7d09fdccb13f9b_ppc64le, openshift4/kubernetes-nmstate-rhel9-operator@sha256:be9e646a80ac0804e4a2895f56930aa8851b13ad6a344ab42d7d09fdccb13f9b_ppc64le |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:6a402c07ae23a8658ba93a83a3e8c5ae00f5ef90d41eca9d1a45ec5574ff733d_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:6a402c07ae23a8658ba93a83a3e8c5ae00f5ef90d41eca9d1a45ec5574ff733d_amd64, *, * |
| Red Hat | openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x, openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x, openshift4/metallb-rhel9@sha256:69c10bcf74cc184fb52bf114b1f82501ad3a38ff3baf0d2efef60d9dfe65d53c_s390x |
…and 337 more
Timeline
- Nov 29, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7469 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7469.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://access.redhat.com/security/cve/CVE-2023-45142 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45142 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45142 advisory
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr advisory