RHSA-2023%3A7522
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64, *, container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64 |
| Red Hat | container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64 as a component of CNV 4.13 for RHEL 9 | *, *, container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64, container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64, container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64 |
| Red Hat | container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64, container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64, container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64 |
| Red Hat | container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64, *, container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64 |
| Red Hat | container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64, container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64, container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64 |
| Red Hat | container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 as a component of CNV 4.13 for RHEL 9 | *, container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64, container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 |
| Red Hat | container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64, *, * |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64 as a component of CNV 4.13 for RHEL 9 | *, container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64, * |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64, *, container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64 |
| Red Hat | container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64, container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64, * |
| Red Hat | container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64, container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64, container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64 |
| Red Hat | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64, *, * |
| Red Hat | container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64 as a component of CNV 4.13 for RHEL 9 | *, container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64, * |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64 |
| Red Hat | container-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64 as a component of CNV 4.13 for RHEL 9 | *, *, * |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64, container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64, container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64 as a component of CNV 4.13 for RHEL 9 | *, container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64, container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64 as a component of CNV 4.13 for RHEL 9 | *, container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64, * |
| Red Hat | container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64, container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64, container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64 |
…and 165 more
Timeline
- Nov 28, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7522 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2236422 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2247666 issue
- https://issues.redhat.com/browse/CNV-34788 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7522.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
…and 1 more