RHSA-2023%3A7475
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-multus-route-override-cni-rhel8@sha256:66c45a827d8bbe57df54f1396e9c86b974c6eea33d18e81e21406d0fc2746645_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-multus-route-override-cni-rhel8@sha256:66c45a827d8bbe57df54f1396e9c86b974c6eea33d18e81e21406d0fc2746645_s390x, *, * |
| Red Hat | openshift4/ose-cluster-config-operator@sha256:d94f7d45adc1398496ec9a45bf5c70427c438861d3ec94b7aee97d2803112f83_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-config-operator@sha256:d94f7d45adc1398496ec9a45bf5c70427c438861d3ec94b7aee97d2803112f83_arm64, openshift4/ose-cluster-config-operator@sha256:d94f7d45adc1398496ec9a45bf5c70427c438861d3ec94b7aee97d2803112f83_arm64, * |
| Red Hat | openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:ef97bcf81b035d43371a365dc7ec50d0284480a0d82b2e851a2a3222cfaf5e82_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:ef97bcf81b035d43371a365dc7ec50d0284480a0d82b2e851a2a3222cfaf5e82_amd64, openshift4/ose-nutanix-cloud-controller-manager-rhel8@sha256:ef97bcf81b035d43371a365dc7ec50d0284480a0d82b2e851a2a3222cfaf5e82_amd64, * |
| Red Hat | openshift4/ose-openshift-apiserver-rhel8@sha256:d144320cb6ca3208eddfba6bd6d84e3902d19d61fe7e724a1d9d8f693cd6a75b_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-openshift-apiserver-rhel8@sha256:d144320cb6ca3208eddfba6bd6d84e3902d19d61fe7e724a1d9d8f693cd6a75b_ppc64le, openshift4/ose-openshift-apiserver-rhel8@sha256:d144320cb6ca3208eddfba6bd6d84e3902d19d61fe7e724a1d9d8f693cd6a75b_ppc64le, * |
| Red Hat | openshift4/ose-network-metrics-daemon-rhel8@sha256:63a77cd1e2662a3ad1041a5727a190338172e5e777a04205843eb35b2fcc77ad_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-network-metrics-daemon-rhel8@sha256:63a77cd1e2662a3ad1041a5727a190338172e5e777a04205843eb35b2fcc77ad_amd64, openshift4/ose-network-metrics-daemon-rhel8@sha256:63a77cd1e2662a3ad1041a5727a190338172e5e777a04205843eb35b2fcc77ad_amd64, openshift4/ose-network-metrics-daemon-rhel8@sha256:63a77cd1e2662a3ad1041a5727a190338172e5e777a04205843eb35b2fcc77ad_amd64 |
| Red Hat | openshift4/ose-oauth-server-rhel8@sha256:55616b44bb1222641212f9534d04ba4a487ec9634764a30b55e03a9d1be7f921_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-oauth-server-rhel8@sha256:55616b44bb1222641212f9534d04ba4a487ec9634764a30b55e03a9d1be7f921_ppc64le, openshift4/ose-oauth-server-rhel8@sha256:55616b44bb1222641212f9534d04ba4a487ec9634764a30b55e03a9d1be7f921_ppc64le |
| Red Hat | openshift4/kubevirt-csi-driver-rhel8@sha256:e4cc1c83fea2bcee27e015d5ff9d39c852b29f995f43d685370be3694d7e6f5a_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/kubevirt-csi-driver-rhel8@sha256:e4cc1c83fea2bcee27e015d5ff9d39c852b29f995f43d685370be3694d7e6f5a_amd64, openshift4/kubevirt-csi-driver-rhel8@sha256:e4cc1c83fea2bcee27e015d5ff9d39c852b29f995f43d685370be3694d7e6f5a_amd64, * |
| Red Hat | openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:d31293d315d35c523f5256d88b55b3cada19c378540024e6abc2aa3de060f9a5_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:d31293d315d35c523f5256d88b55b3cada19c378540024e6abc2aa3de060f9a5_ppc64le, openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:d31293d315d35c523f5256d88b55b3cada19c378540024e6abc2aa3de060f9a5_ppc64le, openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:d31293d315d35c523f5256d88b55b3cada19c378540024e6abc2aa3de060f9a5_ppc64le |
| Red Hat | openshift4/ose-docker-builder@sha256:e6aa9dc6817f4d674dd6ba3ef9b231b5833706a6ded80647871f0ac05d8f8496_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-docker-builder@sha256:e6aa9dc6817f4d674dd6ba3ef9b231b5833706a6ded80647871f0ac05d8f8496_arm64, *, openshift4/ose-docker-builder@sha256:e6aa9dc6817f4d674dd6ba3ef9b231b5833706a6ded80647871f0ac05d8f8496_arm64 |
| Red Hat | rhcos@sha256:5c0bbd26ba7597fbc79c42b4f7cc5ebafe4de63314968a3e8b3aead5f6d65cbb_aarch64 as a component of Red Hat OpenShift Container Platform 4.13 | rhcos@sha256:5c0bbd26ba7597fbc79c42b4f7cc5ebafe4de63314968a3e8b3aead5f6d65cbb_aarch64, rhcos@sha256:5c0bbd26ba7597fbc79c42b4f7cc5ebafe4de63314968a3e8b3aead5f6d65cbb_aarch64, rhcos@sha256:5c0bbd26ba7597fbc79c42b4f7cc5ebafe4de63314968a3e8b3aead5f6d65cbb_aarch64 |
| Red Hat | openshift4/ose-cluster-policy-controller-rhel8@sha256:da1af549825db7436aaf504b9d6607e9c696ff33a50d6c4c228e7100b6770600_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-policy-controller-rhel8@sha256:da1af549825db7436aaf504b9d6607e9c696ff33a50d6c4c228e7100b6770600_s390x, *, openshift4/ose-cluster-policy-controller-rhel8@sha256:da1af549825db7436aaf504b9d6607e9c696ff33a50d6c4c228e7100b6770600_s390x |
| Red Hat | openshift4/ose-cluster-openshift-apiserver-operator@sha256:0d347924717593a29657f5f3af0235c5d74e5c50427f0b385055b140c2f4c2f9_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-cluster-openshift-apiserver-operator@sha256:0d347924717593a29657f5f3af0235c5d74e5c50427f0b385055b140c2f4c2f9_arm64, openshift4/ose-cluster-openshift-apiserver-operator@sha256:0d347924717593a29657f5f3af0235c5d74e5c50427f0b385055b140c2f4c2f9_arm64, openshift4/ose-cluster-openshift-apiserver-operator@sha256:0d347924717593a29657f5f3af0235c5d74e5c50427f0b385055b140c2f4c2f9_arm64 |
| Red Hat | openshift4/ose-installer@sha256:5c3da75920473628c47a7ee48c102dd4a6aed72897fe24b31ac03532b3743ae4_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-installer@sha256:5c3da75920473628c47a7ee48c102dd4a6aed72897fe24b31ac03532b3743ae4_amd64, openshift4/ose-installer@sha256:5c3da75920473628c47a7ee48c102dd4a6aed72897fe24b31ac03532b3743ae4_amd64, * |
| Red Hat | openshift4/ose-console-operator@sha256:753fe9bb1deda9b539554c9592287a0827be1a154520d2a51d84c53b755b26fc_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-console-operator@sha256:753fe9bb1deda9b539554c9592287a0827be1a154520d2a51d84c53b755b26fc_s390x, openshift4/ose-console-operator@sha256:753fe9bb1deda9b539554c9592287a0827be1a154520d2a51d84c53b755b26fc_s390x |
| Red Hat | openshift4/ovirt-csi-driver-rhel8@sha256:842394fcf9a927b59034fcc311cce1d7e0a1c2e06c4ef9ac3c4a62b1750a613d_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ovirt-csi-driver-rhel8@sha256:842394fcf9a927b59034fcc311cce1d7e0a1c2e06c4ef9ac3c4a62b1750a613d_s390x, *, * |
| Red Hat | openshift4/ose-machine-api-operator@sha256:f240bfc7393ed0571f095e433c6ea7fc9c58a40f6743a63d6cb454de3f218f6c_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-machine-api-operator@sha256:f240bfc7393ed0571f095e433c6ea7fc9c58a40f6743a63d6cb454de3f218f6c_ppc64le, openshift4/ose-machine-api-operator@sha256:f240bfc7393ed0571f095e433c6ea7fc9c58a40f6743a63d6cb454de3f218f6c_ppc64le |
| Red Hat | openshift4/ose-csi-livenessprobe@sha256:82128a97fa634d8d4cb83184345747a8a78137237b23b326f03e6aa59d8de2af_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-csi-livenessprobe@sha256:82128a97fa634d8d4cb83184345747a8a78137237b23b326f03e6aa59d8de2af_amd64, openshift4/ose-csi-livenessprobe@sha256:82128a97fa634d8d4cb83184345747a8a78137237b23b326f03e6aa59d8de2af_amd64 |
| Red Hat | openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:fc836ff062b04305d9066a0104dd7087aa1838b2e70783ff51c832d4444df706_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:fc836ff062b04305d9066a0104dd7087aa1838b2e70783ff51c832d4444df706_amd64, openshift4/ose-aws-ebs-csi-driver-rhel8-operator@sha256:fc836ff062b04305d9066a0104dd7087aa1838b2e70783ff51c832d4444df706_amd64 |
| Red Hat | openshift4/ose-cluster-image-registry-operator@sha256:4aac23f2d68d1dee40c617c9d063754ce1e6a42fcec72e723b4904ae12f926b7_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, *, * |
| Red Hat | openshift4/ose-multus-cni@sha256:38404bf3e1e9aa47b66c8e42d0187c32e3082737f6abd0e7cd9e81c380ce8076_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-multus-cni@sha256:38404bf3e1e9aa47b66c8e42d0187c32e3082737f6abd0e7cd9e81c380ce8076_s390x, openshift4/ose-multus-cni@sha256:38404bf3e1e9aa47b66c8e42d0187c32e3082737f6abd0e7cd9e81c380ce8076_s390x, openshift4/ose-multus-cni@sha256:38404bf3e1e9aa47b66c8e42d0187c32e3082737f6abd0e7cd9e81c380ce8076_s390x |
…and 1281 more
Timeline
- Nov 29, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7475 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-20421 advisory
- https://issues.redhat.com/browse/OCPBUGS-21595 advisory
- https://issues.redhat.com/browse/OCPBUGS-22816 advisory
- https://issues.redhat.com/browse/OCPBUGS-23272 advisory
- https://issues.redhat.com/browse/OCPBUGS-23368 advisory
- https://issues.redhat.com/browse/OCPBUGS-23405 advisory
- https://issues.redhat.com/browse/OCPBUGS-23411 advisory
- https://issues.redhat.com/browse/OCPBUGS-23444 advisory
- https://issues.redhat.com/browse/OCPBUGS-23464 advisory
- https://issues.redhat.com/browse/OCPBUGS-23506 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7475.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
…and 2 more