VDB

RHSA-2023%3A7522

RHSA-2023%3A7522 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64, *, container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:a1c68142038f9c1e8c09d0160c2c419900a672ebfdf6ca2ed8654f7111b39ea9_arm64
Red Hatcontainer-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64 as a component of CNV 4.13 for RHEL 9*, *, container-native-virtualization/vm-console-proxy-rhel9@sha256:91cad92cf5849d910a26ca8d704963372818f23619656032893291530633935c_amd64
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64, container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64, container-native-virtualization/kubevirt-tekton-tasks-copy-template-rhel9@sha256:1084bb29c47de1ef44825f2fafcaa69ef6099dadb7f5a4b79157a62c936b82c2_amd64
Red Hatcontainer-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64, container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64, container-native-virtualization/virt-operator-rhel9@sha256:53c39955d0419e0d93e5895bc1bed8bf14b3e4f319343bf17745ee7e56b42a42_arm64
Red Hatcontainer-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64, *, container-native-virtualization/virt-exportproxy-rhel9@sha256:9b03b296b984ca9140224eb0158fab9e77a6645cc43ab4207de891a538eb1300_amd64
Red Hatcontainer-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64, container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64, container-native-virtualization/virt-artifacts-server-rhel9@sha256:0e9a9f512e980da1cb67882667c88bb2f5860e5f7d51e9b249859413510acaf4_arm64
Red Hatcontainer-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 as a component of CNV 4.13 for RHEL 9*, container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64, container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64
Red Hatcontainer-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:18d5ce221b8b2c938b2d52d6751e4679b57a7723ff02698ab0fce89c4c160bd9_arm64, *, *
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64 as a component of CNV 4.13 for RHEL 9*, container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:7aefe2a125e668580ed6b175c5d650c2d14df33718a45081a5cb3f415787e348_arm64, *
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64, *, container-native-virtualization/kubevirt-tekton-tasks-cleanup-vm-rhel9@sha256:9ba387cfd3ac34a6feb5dca25702a9a5361dfe81b4c4837fb916ec25952d4c39_amd64
Red Hatcontainer-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64, container-native-virtualization/cnv-containernetworking-plugins-rhel9@sha256:70ddbdb6e7c61024cb4249af53a943a40fcf09d7867c55e91d10a61f90dee9f9_arm64, *
Red Hatcontainer-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64, container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64, container-native-virtualization/kubemacpool-rhel9@sha256:016464c7400ea5e04d1d4df40bec38bd4dde83d8f79db0c54a8d81e803b8fb79_arm64
Red Hatcontainer-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/multus-dynamic-networks-rhel9@sha256:daf59cf25c54c336cc34862a297c9bdf03e898dbede98e0f2ca34ef1afeec3aa_arm64, *, *
Red Hatcontainer-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64 as a component of CNV 4.13 for RHEL 9*, container-native-virtualization/bridge-marker-rhel9@sha256:d85a4f8ec1cea7bba6575be9984f48fce5a4600b562fb072780719f1bc5ed80e_arm64, *
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64, container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:3ed508b877d1b1ed91a9e092b9cee738471d705f9dbfb7f9af8f3e627a8a9d06_arm64
Red Hatcontainer-native-virtualization/virt-cdi-cloner-rhel9@sha256:5bdea09f1c761544b93f7253a84bda794f518276f5fb11cde5dc188b1dc536ce_arm64 as a component of CNV 4.13 for RHEL 9*, *, *
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64, container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64, container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:6f0c6a06344c2ae997bcd6318c7c33434270563c7f74394f31732f33af5429ee_amd64
Red Hatcontainer-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64 as a component of CNV 4.13 for RHEL 9*, container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64, container-native-virtualization/virt-cdi-operator-rhel9@sha256:7c3a59429cb99215aec23cb956a1871ebe1d9e62197120e716b5bcc2e1dd6964_arm64
Red Hatcontainer-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64 as a component of CNV 4.13 for RHEL 9*, container-native-virtualization/kubevirt-tekton-tasks-create-datavolume-rhel9@sha256:9e12388f059afbd197b3d522f078c98ca78b937d6306b73e1797eedf838f8ba5_amd64, *
Red Hatcontainer-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64 as a component of CNV 4.13 for RHEL 9container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64, container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64, container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:eb90db30b736d5f0fd47540142105f837b03d7d39ccfb29542e5edb9b0fed96b_amd64

…and 165 more

Timeline

  • Nov 28, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›