VDB

RHSA-2023%3A7555

RHSA-2023%3A7555 PUBLISHED CVSS 7.5 HIGH

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.

Risk Scores

CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Affected Products

VendorProductVersions
Red Hatoadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64 as a component of 9Base-OADP-1.3oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64, oadp/oadp-mustgather-rhel9@sha256:1979b2e3a393a936063792a4dbdc52a429b3015a5c661dea9041954aba46c567_amd64, *
Red Hatoadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x as a component of 9Base-OADP-1.3oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x, *, oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:e48934c0a05ff02fc498679a66b4f93242a10686b973c98925006517ed1c3c59_s390x
Red Hatoadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64 as a component of 9Base-OADP-1.3oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64, *, oadp/oadp-velero-plugin-for-aws-rhel9@sha256:486c3b2f1e8a16986309966473aab35a7aaaf490a25c151ab534a7c029ebd3f1_amd64
Red Hatoadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x as a component of 9Base-OADP-1.3oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x, oadp/oadp-velero-plugin-for-csi-rhel9@sha256:6b59f2d1dea625fc1e14275083542986e3d53fdb1dc1d934e3f1f2fa2c90fd5a_s390x, *
Red Hatoadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x as a component of 9Base-OADP-1.3oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x, *, oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x
Red Hatoadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64 as a component of 9Base-OADP-1.3oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64, *, oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:b5da27f7e78679e2d191f4f95da9fed16c6771471fe7fa1cad3eaf5c84c58e74_arm64
Red Hatoadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le as a component of 9Base-OADP-1.3oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le, oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le, oadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:1016fe7844ac9bf28c07b8c0d74acdf62854d2bed8319047e557973569d44bbc_ppc64le
Red Hatoadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x as a component of 9Base-OADP-1.3oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x, oadp/oadp-velero-plugin-rhel9@sha256:71ab195206354afe71631bace4c1754d13e7f9584d84b88513f45ba9e751ed24_s390x, *
Red Hatoadp/oadp-kubevirt-velero-plugin-rhel9@sha256:0d0b1ab0e8c287286f19ce71d9aacba69510826347f4dda5e0ff7a2be0ef6c88_ppc64le as a component of 9Base-OADP-1.3*, *, *
Red Hatoadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64 as a component of 9Base-OADP-1.3*, oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64, oadp/oadp-velero-plugin-for-gcp-rhel9@sha256:702008d74a7ed324d1da2ac20e2358504bb04d6708d2703a7ea65414450f201d_amd64
Red Hatoadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64 as a component of 9Base-OADP-1.3oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64, oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64, oadp/oadp-kubevirt-velero-plugin-rhel9@sha256:3970a66b4525a97ef6ee39fea1570f7b81b0529b281d05d5bad82e2c2261b00d_amd64
Red Hatoadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64 as a component of 9Base-OADP-1.3oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64, oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64, oadp/oadp-rhel9-operator@sha256:d6361b290e08f9bfc22d902587206ef81ebdf9e8234475e7b846bb165c6029ba_arm64
Red Hatoadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le as a component of 9Base-OADP-1.3oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le, oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le, oadp/oadp-velero-rhel9@sha256:79578a4ab2c7904e2d337be50b9f63afd7c0c39ca10abee7fd9b13e6f481656b_ppc64le
Red Hatoadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x as a component of 9Base-OADP-1.3*, oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x, oadp/oadp-mustgather-rhel9@sha256:8fb3cce0033e3de7fc67e764de96773eec18f4184cd5f9ddf4b0cd2b2d953220_s390x
Red Hatoadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64 as a component of 9Base-OADP-1.3oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64, *, oadp/oadp-operator-bundle@sha256:4cde7e9b893b3a9b5c6eccb5496701d1601046cc1487f94d28bed3b0538e9957_amd64
Red Hatoadp/oadp-kubevirt-velero-plugin-rhel9@sha256:f68841818eebf6fd794a4766fcaddacc7476b02e5248a25db45ee325b9dbd682_s390x as a component of 9Base-OADP-1.3*, *, *
Red Hatoadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le as a component of 9Base-OADP-1.3*, oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le, oadp/oadp-rhel9-operator@sha256:e1cb117c57176aaa30641b849a95a23e737215e15f1be784f73870c1f2be02fd_ppc64le
Red Hatoadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64 as a component of 9Base-OADP-1.3*, *, oadp/oadp-velero-rhel9@sha256:35705ecc01555ec8b6deda36aca73d4a1eb0fdee12ce66f6109cbfe46a9a89b9_amd64
Red Hatoadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64 as a component of 9Base-OADP-1.3*, oadp/oadp-operator-bundle@sha256:50e6ff903856253916602dbb2e2fc5d0a2cf013fb710af1fb618c09aed30d09d_arm64, *
Red Hatoadp/oadp-velero-plugin-for-microsoft-azure-rhel9@sha256:62db24300066a4f25fadc6f9f2e38d5ed52053932084524021b98ade564b8a5f_amd64 as a component of 9Base-OADP-1.3*, *, *

…and 69 more

Timeline

  • Nov 28, 2023 CVE Published
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Distribution Patch
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • Apr 25, 2026 Security Advisory
  • May 21, 2026 CVE Updated
Open in Interactive Console →
$ Console Community · 100/wk Open console ›