RHSA-2023%3A7607
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9b09e20301634260eeed312e2a5ce35c69b361a5c22f0048cba3e31eaf9fed05_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-gcp-filestore-csi-driver-rhel8-operator@sha256:9b09e20301634260eeed312e2a5ce35c69b361a5c22f0048cba3e31eaf9fed05_ppc64le, *, * |
| Red Hat | openshift4/dpu-network-rhel8-operator@sha256:e83fc469ad0bfa07460635ef524869c1d79aeb7733efeaee028974f4e3bdd1ef_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/dpu-network-rhel8-operator@sha256:e83fc469ad0bfa07460635ef524869c1d79aeb7733efeaee028974f4e3bdd1ef_amd64, openshift4/dpu-network-rhel8-operator@sha256:e83fc469ad0bfa07460635ef524869c1d79aeb7733efeaee028974f4e3bdd1ef_amd64, openshift4/dpu-network-rhel8-operator@sha256:e83fc469ad0bfa07460635ef524869c1d79aeb7733efeaee028974f4e3bdd1ef_amd64 |
| Red Hat | openshift4/kubernetes-nmstate-rhel8-operator@sha256:60c50c608a087be767cc467d32a5aab91e1d7b778591f65c6590f5ad83450600_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/kubernetes-nmstate-rhel8-operator@sha256:60c50c608a087be767cc467d32a5aab91e1d7b778591f65c6590f5ad83450600_ppc64le, *, * |
| Red Hat | openshift4/ose-cloud-event-proxy@sha256:07cf1e463dcbb0c95411d65ba7e40c3e0596babf939a355161447a10efd1907b_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-cloud-event-proxy@sha256:07cf1e463dcbb0c95411d65ba7e40c3e0596babf939a355161447a10efd1907b_ppc64le, openshift4/ose-cloud-event-proxy@sha256:07cf1e463dcbb0c95411d65ba7e40c3e0596babf939a355161447a10efd1907b_ppc64le |
| Red Hat | openshift4/ose-local-storage-operator@sha256:31e003a4d0979cb32a94b8c09093b2b2688536cb96eb3b89a849230dfd511b7f_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-local-storage-operator@sha256:31e003a4d0979cb32a94b8c09093b2b2688536cb96eb3b89a849230dfd511b7f_ppc64le |
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:f306c501a115341eb77fa2932dce0d998f5d08fa6b6da4a4319839605f5b2809_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-sriov-infiniband-cni@sha256:f306c501a115341eb77fa2932dce0d998f5d08fa6b6da4a4319839605f5b2809_amd64, *, * |
| Red Hat | openshift4/metallb-rhel8@sha256:21615408394f70770bc38def52a3ef9b0bff7b88fbf12fd22b1520234a398dcb_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/metallb-rhel8@sha256:21615408394f70770bc38def52a3ef9b0bff7b88fbf12fd22b1520234a398dcb_amd64, openshift4/metallb-rhel8@sha256:21615408394f70770bc38def52a3ef9b0bff7b88fbf12fd22b1520234a398dcb_amd64, * |
| Red Hat | openshift4/ose-helm-operator@sha256:45cb1209f0cd8a0d95e95736b4e2471348112b469d6cc524fd6c7017fa762809_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-helm-operator@sha256:45cb1209f0cd8a0d95e95736b4e2471348112b469d6cc524fd6c7017fa762809_ppc64le, openshift4/ose-helm-operator@sha256:45cb1209f0cd8a0d95e95736b4e2471348112b469d6cc524fd6c7017fa762809_ppc64le, openshift4/ose-helm-operator@sha256:45cb1209f0cd8a0d95e95736b4e2471348112b469d6cc524fd6c7017fa762809_ppc64le |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:0dd0652a3865c2ad263dc896a9de834fca2f0fe4ff1a3e3942eb4b6f3053b76d_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:66c2c9d350c5429b5302f405e25c7a207040397f766f3faa6595ad12f3bc5de6_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:66c2c9d350c5429b5302f405e25c7a207040397f766f3faa6595ad12f3bc5de6_arm64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:66c2c9d350c5429b5302f405e25c7a207040397f766f3faa6595ad12f3bc5de6_arm64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:66c2c9d350c5429b5302f405e25c7a207040397f766f3faa6595ad12f3bc5de6_arm64 |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8@sha256:dd6c432862cd33befbd2966bc152edf8ae862f1eb521e4b1a62c34d1026a81a6_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-clusterresourceoverride-rhel8@sha256:dd6c432862cd33befbd2966bc152edf8ae862f1eb521e4b1a62c34d1026a81a6_amd64, openshift4/ose-clusterresourceoverride-rhel8@sha256:dd6c432862cd33befbd2966bc152edf8ae862f1eb521e4b1a62c34d1026a81a6_amd64, openshift4/ose-clusterresourceoverride-rhel8@sha256:dd6c432862cd33befbd2966bc152edf8ae862f1eb521e4b1a62c34d1026a81a6_amd64 |
| Red Hat | openshift4/dpu-network-rhel8-operator@sha256:e83fc469ad0bfa07460635ef524869c1d79aeb7733efeaee028974f4e3bdd1ef_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/dpu-network-rhel8-operator@sha256:e83fc469ad0bfa07460635ef524869c1d79aeb7733efeaee028974f4e3bdd1ef_amd64, *, * |
| Red Hat | openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:39f2d743ddac231a33512737ddfaf8871e6714325646f97976cccdd22c83050f_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:39f2d743ddac231a33512737ddfaf8871e6714325646f97976cccdd22c83050f_amd64, openshift4/ose-clusterresourceoverride-rhel8-operator@sha256:39f2d743ddac231a33512737ddfaf8871e6714325646f97976cccdd22c83050f_amd64 |
| Red Hat | openshift4/ose-egress-http-proxy@sha256:7035ffbbb43bcb80a8baaaf626e2e4c58ffbb96978cf7ee4762d4723a6e5d04a_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-egress-http-proxy@sha256:7035ffbbb43bcb80a8baaaf626e2e4c58ffbb96978cf7ee4762d4723a6e5d04a_arm64, openshift4/ose-egress-http-proxy@sha256:7035ffbbb43bcb80a8baaaf626e2e4c58ffbb96978cf7ee4762d4723a6e5d04a_arm64 |
| Red Hat | openshift4/metallb-rhel8-operator@sha256:cbf45e26bf092e35d322329c4f7a10081405fda4e888dcc836b8ac0277c0f3f3_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/metallb-rhel8-operator@sha256:cbf45e26bf092e35d322329c4f7a10081405fda4e888dcc836b8ac0277c0f3f3_amd64, openshift4/metallb-rhel8-operator@sha256:cbf45e26bf092e35d322329c4f7a10081405fda4e888dcc836b8ac0277c0f3f3_amd64, * |
| Red Hat | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:931bcff7521857234f03fc9f11d9f8025079b3653e5ca6e5061d627675f3e018_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:931bcff7521857234f03fc9f11d9f8025079b3653e5ca6e5061d627675f3e018_ppc64le, *, * |
| Red Hat | openshift4/ose-node-feature-discovery@sha256:e517c0698ed966068ab662f339aed0201c24e59374bd209fc15884b169a1bccc_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-node-feature-discovery@sha256:e517c0698ed966068ab662f339aed0201c24e59374bd209fc15884b169a1bccc_s390x, openshift4/ose-node-feature-discovery@sha256:e517c0698ed966068ab662f339aed0201c24e59374bd209fc15884b169a1bccc_s390x, * |
| Red Hat | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:21be12970c217b43a72dc9520a2fadfc89264da5c8b84e443c6a82de84b31289_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:21be12970c217b43a72dc9520a2fadfc89264da5c8b84e443c6a82de84b31289_arm64, openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:21be12970c217b43a72dc9520a2fadfc89264da5c8b84e443c6a82de84b31289_arm64, openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:21be12970c217b43a72dc9520a2fadfc89264da5c8b84e443c6a82de84b31289_arm64 |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:f2c0a1728a9fbd297913e306e38092a1ecbfaab1193014f2bdf2e64a3355c159_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-sriov-cni@sha256:fc89b8f21f6e51eb4cadf92031f03dd1e00f31e28476a1a54abcd956a39df92a_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-sriov-cni@sha256:fc89b8f21f6e51eb4cadf92031f03dd1e00f31e28476a1a54abcd956a39df92a_arm64, openshift4/ose-sriov-cni@sha256:fc89b8f21f6e51eb4cadf92031f03dd1e00f31e28476a1a54abcd956a39df92a_arm64 |
…and 327 more
Timeline
- Dec 6, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7607 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-22370 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7607.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory