RHSA-2023%3A7599
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-multus-networkpolicy-rhel8@sha256:67a2860a93d3faa0f2b7b4b026690e31c6b64504ee338512b086aff7fc993049_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-multus-networkpolicy-rhel8@sha256:67a2860a93d3faa0f2b7b4b026690e31c6b64504ee338512b086aff7fc993049_s390x, openshift4/ose-multus-networkpolicy-rhel8@sha256:67a2860a93d3faa0f2b7b4b026690e31c6b64504ee338512b086aff7fc993049_s390x, openshift4/ose-multus-networkpolicy-rhel8@sha256:67a2860a93d3faa0f2b7b4b026690e31c6b64504ee338512b086aff7fc993049_s390x |
| Red Hat | openshift4/ose-cluster-storage-operator@sha256:097a66da5237384ee4b10f425578f4544f23028db3bd4dc2873b4ed573b30335_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-cluster-storage-operator@sha256:097a66da5237384ee4b10f425578f4544f23028db3bd4dc2873b4ed573b30335_s390x, openshift4/ose-cluster-storage-operator@sha256:097a66da5237384ee4b10f425578f4544f23028db3bd4dc2873b4ed573b30335_s390x, openshift4/ose-cluster-storage-operator@sha256:097a66da5237384ee4b10f425578f4544f23028db3bd4dc2873b4ed573b30335_s390x |
| Red Hat | openshift4/ose-operator-lifecycle-manager@sha256:8af0a4afdd1d4b263f8365a765bbab04fe8b271710a52b394b285dd29497143a_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-operator-lifecycle-manager@sha256:8af0a4afdd1d4b263f8365a765bbab04fe8b271710a52b394b285dd29497143a_amd64, openshift4/ose-operator-lifecycle-manager@sha256:8af0a4afdd1d4b263f8365a765bbab04fe8b271710a52b394b285dd29497143a_amd64 |
| Red Hat | openshift4/ose-cluster-network-operator@sha256:2d576541b81f2b696b1e44bc72039124b3c1ae4b003d4934b98d8e7cc79af850_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, *, * |
| Red Hat | openshift4/ose-cluster-update-keys@sha256:d9840d141254fa23c1f7bd7ad0b0a49f59180d2c36b1d8b912e8dc39c51e5275_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-cluster-update-keys@sha256:d9840d141254fa23c1f7bd7ad0b0a49f59180d2c36b1d8b912e8dc39c51e5275_amd64, openshift4/ose-cluster-update-keys@sha256:d9840d141254fa23c1f7bd7ad0b0a49f59180d2c36b1d8b912e8dc39c51e5275_amd64, openshift4/ose-cluster-update-keys@sha256:d9840d141254fa23c1f7bd7ad0b0a49f59180d2c36b1d8b912e8dc39c51e5275_amd64 |
| Red Hat | rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_ppc64le, rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_ppc64le, rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_ppc64le |
| Red Hat | openshift4/ose-operator-lifecycle-manager@sha256:f1fa69f874dbb67ff02e9be02116f5c3793b1a1c5935a565071c90c638e6cb45_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-operator-lifecycle-manager@sha256:f1fa69f874dbb67ff02e9be02116f5c3793b1a1c5935a565071c90c638e6cb45_ppc64le, openshift4/ose-operator-lifecycle-manager@sha256:f1fa69f874dbb67ff02e9be02116f5c3793b1a1c5935a565071c90c638e6cb45_ppc64le |
| Red Hat | openshift4/ose-multus-networkpolicy-rhel8@sha256:4a510aa3761c47c5214f7d6571c883988b0e55971113250a63402e01ee05c544_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-multus-networkpolicy-rhel8@sha256:4a510aa3761c47c5214f7d6571c883988b0e55971113250a63402e01ee05c544_amd64, openshift4/ose-multus-networkpolicy-rhel8@sha256:4a510aa3761c47c5214f7d6571c883988b0e55971113250a63402e01ee05c544_amd64, * |
| Red Hat | rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_aarch64 as a component of Red Hat OpenShift Container Platform 4.14 | *, rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_aarch64, * |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:90fb7d4d6cd7811483930ba246a324abfc37c37fd428dd7b4bb8ec03370b12fa_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:90fb7d4d6cd7811483930ba246a324abfc37c37fd428dd7b4bb8ec03370b12fa_amd64, openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:90fb7d4d6cd7811483930ba246a324abfc37c37fd428dd7b4bb8ec03370b12fa_amd64, * |
| Red Hat | openshift4/ose-cluster-update-keys@sha256:1481734b7e0aec8543bca6c2285703c292a3d8028149ccb5936574c11c966bec_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-cluster-update-keys@sha256:1481734b7e0aec8543bca6c2285703c292a3d8028149ccb5936574c11c966bec_s390x |
| Red Hat | openshift4/ose-agent-installer-orchestrator-rhel8@sha256:8273c7f6bb7455bde86ccec0b12375132295ab11f4a5e6649c9f267005d6afe7_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-agent-installer-orchestrator-rhel8@sha256:8273c7f6bb7455bde86ccec0b12375132295ab11f4a5e6649c9f267005d6afe7_amd64 |
| golang | Go | |
| Red Hat | openshift4/ose-operator-registry@sha256:d35edc074bcabab730afa8993ca171147cfd7ff0630912e08958fc87dfadc334_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-operator-registry@sha256:d35edc074bcabab730afa8993ca171147cfd7ff0630912e08958fc87dfadc334_ppc64le, *, * |
| Red Hat | rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_s390x as a component of Red Hat OpenShift Container Platform 4.14 | rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_s390x, rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_s390x, rhcos@sha256:dff448827d1b0cf4c05ee0c214965c33d6b330f34e9bddd1bf0c1947c79644a6_s390x |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:09a499d3f73ddd66a061b33e6e4d36dea1e4e039dfdf7782ecca699d281de4c8_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/driver-toolkit-rhel9@sha256:09a499d3f73ddd66a061b33e6e4d36dea1e4e039dfdf7782ecca699d281de4c8_s390x, openshift4/driver-toolkit-rhel9@sha256:09a499d3f73ddd66a061b33e6e4d36dea1e4e039dfdf7782ecca699d281de4c8_s390x, openshift4/driver-toolkit-rhel9@sha256:09a499d3f73ddd66a061b33e6e4d36dea1e4e039dfdf7782ecca699d281de4c8_s390x |
| Red Hat | openshift4/ose-cloud-credential-operator@sha256:60c347a61c0f9b5388bde25256c6b3146b20686598856ed6fa72b97d42e2c0b1_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-cloud-credential-operator@sha256:60c347a61c0f9b5388bde25256c6b3146b20686598856ed6fa72b97d42e2c0b1_s390x, *, openshift4/ose-cloud-credential-operator@sha256:60c347a61c0f9b5388bde25256c6b3146b20686598856ed6fa72b97d42e2c0b1_s390x |
| Red Hat | openshift4/ose-openshift-apiserver-rhel8@sha256:a8509177f2ca0a5ff73f7b2e73b097cf61c3276d4b2a275cbc5b2724d33318e2_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-openshift-apiserver-rhel8@sha256:a8509177f2ca0a5ff73f7b2e73b097cf61c3276d4b2a275cbc5b2724d33318e2_s390x |
| Red Hat | openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:0da8dd6e527e35571acf815225b0c314c9acbb0dbdaf290aa035120952e5d5e4_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:0da8dd6e527e35571acf815225b0c314c9acbb0dbdaf290aa035120952e5d5e4_amd64, openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:0da8dd6e527e35571acf815225b0c314c9acbb0dbdaf290aa035120952e5d5e4_amd64, openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:0da8dd6e527e35571acf815225b0c314c9acbb0dbdaf290aa035120952e5d5e4_amd64 |
| Red Hat | openshift4/ose-vsphere-csi-driver-operator-rhel8@sha256:d647a76196fc7424e4fe89bdeed8fa73f5584ff3436d2657a808a0af0470cf20_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-vsphere-csi-driver-operator-rhel8@sha256:d647a76196fc7424e4fe89bdeed8fa73f5584ff3436d2657a808a0af0470cf20_amd64, * |
…and 147 more
Timeline
- Dec 5, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7599 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://issues.redhat.com/browse/OCPBUGS-10126 advisory
- https://issues.redhat.com/browse/OCPBUGS-22286 advisory
- https://issues.redhat.com/browse/OCPBUGS-22363 advisory
- https://issues.redhat.com/browse/OCPBUGS-22430 advisory
- https://issues.redhat.com/browse/OCPBUGS-23426 advisory
- https://issues.redhat.com/browse/OCPBUGS-23490 advisory
- https://issues.redhat.com/browse/OCPBUGS-23751 advisory
- https://issues.redhat.com/browse/OCPBUGS-23906 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7599.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
…and 5 more