RHSA-2023%3A7690
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-sriov-infiniband-cni@sha256:f5a49fd6d51c37b8286fe0d71d9c03720351b51e74731f377cbcee38ea2fa1d9_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-sriov-infiniband-cni@sha256:f5a49fd6d51c37b8286fe0d71d9c03720351b51e74731f377cbcee38ea2fa1d9_arm64, openshift4/ose-sriov-infiniband-cni@sha256:f5a49fd6d51c37b8286fe0d71d9c03720351b51e74731f377cbcee38ea2fa1d9_arm64, openshift4/ose-sriov-infiniband-cni@sha256:f5a49fd6d51c37b8286fe0d71d9c03720351b51e74731f377cbcee38ea2fa1d9_arm64 |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:3e391b1957dd60d2ca61241dc68d19ec0b990ba40ca6a074ee466bfcea14227f_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-local-storage-mustgather-rhel8@sha256:3e391b1957dd60d2ca61241dc68d19ec0b990ba40ca6a074ee466bfcea14227f_amd64, openshift4/ose-local-storage-mustgather-rhel8@sha256:3e391b1957dd60d2ca61241dc68d19ec0b990ba40ca6a074ee466bfcea14227f_amd64, openshift4/ose-local-storage-mustgather-rhel8@sha256:3e391b1957dd60d2ca61241dc68d19ec0b990ba40ca6a074ee466bfcea14227f_amd64 |
| Red Hat | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:89b14f74eb38fcbe8debc43066c5b7ade4a8c4148c292b2c1d7e1c55637fc336_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:89b14f74eb38fcbe8debc43066c5b7ade4a8c4148c292b2c1d7e1c55637fc336_amd64 |
| Red Hat | openshift4/ose-sriov-network-operator@sha256:7a22f40bc2271c4574867aadd4b40180252d919acd6cbd8532169c985ff0ac04_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-sriov-network-operator@sha256:7a22f40bc2271c4574867aadd4b40180252d919acd6cbd8532169c985ff0ac04_amd64, openshift4/ose-sriov-network-operator@sha256:7a22f40bc2271c4574867aadd4b40180252d919acd6cbd8532169c985ff0ac04_amd64, openshift4/ose-sriov-network-operator@sha256:7a22f40bc2271c4574867aadd4b40180252d919acd6cbd8532169c985ff0ac04_amd64 |
| Red Hat | openshift4/metallb-rhel8@sha256:53cf9311516309bae94d028f930202c947e2ff0842381f80d32194f2e4acc6c7_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/metallb-rhel8@sha256:53cf9311516309bae94d028f930202c947e2ff0842381f80d32194f2e4acc6c7_ppc64le, openshift4/metallb-rhel8@sha256:53cf9311516309bae94d028f930202c947e2ff0842381f80d32194f2e4acc6c7_ppc64le, * |
| Red Hat | openshift4/ose-local-storage-diskmaker@sha256:9a07e68e59043fcb2ebcf68e73b625be8755c94007d8934436eeae87696d8d36_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-local-storage-diskmaker@sha256:9a07e68e59043fcb2ebcf68e73b625be8755c94007d8934436eeae87696d8d36_ppc64le, openshift4/ose-local-storage-diskmaker@sha256:9a07e68e59043fcb2ebcf68e73b625be8755c94007d8934436eeae87696d8d36_ppc64le, openshift4/ose-local-storage-diskmaker@sha256:9a07e68e59043fcb2ebcf68e73b625be8755c94007d8934436eeae87696d8d36_ppc64le |
| Red Hat | openshift4/kubernetes-nmstate-rhel8-operator@sha256:7a51c3e69462a67ff593773b2ee9788e1d3896e1bf0deaa40e558cb13687149c_s390x as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/kubernetes-nmstate-rhel8-operator@sha256:7a51c3e69462a67ff593773b2ee9788e1d3896e1bf0deaa40e558cb13687149c_s390x, openshift4/kubernetes-nmstate-rhel8-operator@sha256:7a51c3e69462a67ff593773b2ee9788e1d3896e1bf0deaa40e558cb13687149c_s390x, openshift4/kubernetes-nmstate-rhel8-operator@sha256:7a51c3e69462a67ff593773b2ee9788e1d3896e1bf0deaa40e558cb13687149c_s390x |
| Red Hat | openshift4/ose-node-problem-detector-rhel8@sha256:d0379043888c59cd070f51aa900671699762976251e7b6c956b75101fe94f37d_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-node-problem-detector-rhel8@sha256:d0379043888c59cd070f51aa900671699762976251e7b6c956b75101fe94f37d_amd64, *, openshift4/ose-node-problem-detector-rhel8@sha256:d0379043888c59cd070f51aa900671699762976251e7b6c956b75101fe94f37d_amd64 |
| Red Hat | openshift4/ose-contour-rhel8@sha256:87a230a329e9a258f3f00f718afe9b77d81ab5578b87073f2e1450f55e252532_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, * |
| Red Hat | openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:e275e4686517bb761e04df598538546758acf910221603d12fd9647a27c8569f_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:e275e4686517bb761e04df598538546758acf910221603d12fd9647a27c8569f_amd64, openshift4/ose-openshift-proxy-pull-test-rhel8@sha256:e275e4686517bb761e04df598538546758acf910221603d12fd9647a27c8569f_amd64 |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:2cfd6687d01f12caafe3140e3274a1e59af5c3f1d0c1d3d265f3d714674dd009_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-vertical-pod-autoscaler-rhel8-operator@sha256:2cfd6687d01f12caafe3140e3274a1e59af5c3f1d0c1d3d265f3d714674dd009_ppc64le, *, * |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:9ad3219f6477f2eb6508e5cd46e138a435456e02efa0d26cc4cb7c5f2c5f3e15_s390x as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-egress-dns-proxy@sha256:9ad3219f6477f2eb6508e5cd46e138a435456e02efa0d26cc4cb7c5f2c5f3e15_s390x, openshift4/ose-egress-dns-proxy@sha256:9ad3219f6477f2eb6508e5cd46e138a435456e02efa0d26cc4cb7c5f2c5f3e15_s390x, * |
| Red Hat | openshift4/ose-local-storage-mustgather-rhel8@sha256:a8500d5ea7805356604ff5149e7cea6fc0e26f50285e402f3152cc187926133a_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-local-storage-mustgather-rhel8@sha256:a8500d5ea7805356604ff5149e7cea6fc0e26f50285e402f3152cc187926133a_arm64, openshift4/ose-local-storage-mustgather-rhel8@sha256:a8500d5ea7805356604ff5149e7cea6fc0e26f50285e402f3152cc187926133a_arm64, openshift4/ose-local-storage-mustgather-rhel8@sha256:a8500d5ea7805356604ff5149e7cea6fc0e26f50285e402f3152cc187926133a_arm64 |
| Red Hat | openshift4/ose-ptp@sha256:06ade8694d1a1454966d67e3e5606bde83addb6efc322d01fe77da15297a6c7b_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-ptp@sha256:06ade8694d1a1454966d67e3e5606bde83addb6efc322d01fe77da15297a6c7b_ppc64le, openshift4/ose-ptp@sha256:06ade8694d1a1454966d67e3e5606bde83addb6efc322d01fe77da15297a6c7b_ppc64le, * |
| Red Hat | openshift-tech-preview/metallb-rhel8@sha256:790a185c4dfe9a0fce76537c3bafaf594b630be6a7f1a7a9b3796b33e154c405_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, * |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:4ca841bf59121e9a7f8f062b17ebbfad76a2ff1fcec2c1cac998b0d9a83e42e1_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:4ca841bf59121e9a7f8f062b17ebbfad76a2ff1fcec2c1cac998b0d9a83e42e1_arm64, openshift4/ose-vertical-pod-autoscaler-rhel8@sha256:4ca841bf59121e9a7f8f062b17ebbfad76a2ff1fcec2c1cac998b0d9a83e42e1_arm64 |
| Red Hat | openshift4/ose-node-feature-discovery@sha256:9665e6fe7a6d0cb728c5458bd961be08d2d80b6a268ac702d4c6ff745d2eb04f_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-node-feature-discovery@sha256:9665e6fe7a6d0cb728c5458bd961be08d2d80b6a268ac702d4c6ff745d2eb04f_amd64, * |
| Red Hat | openshift-tech-preview/metallb-rhel8@sha256:a3b04a273e44d26a5c7b29de2ed842a3c600d4561588dc648efba919bff2a9e6_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift-tech-preview/metallb-rhel8@sha256:a3b04a273e44d26a5c7b29de2ed842a3c600d4561588dc648efba919bff2a9e6_amd64, * |
| Red Hat | openshift4/ose-egress-dns-proxy@sha256:4628e82e7122adb3d4617ae187e2469f6f889eec51a2f9d6981d9f75eb9762b1_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-egress-dns-proxy@sha256:4628e82e7122adb3d4617ae187e2469f6f889eec51a2f9d6981d9f75eb9762b1_amd64, openshift4/ose-egress-dns-proxy@sha256:4628e82e7122adb3d4617ae187e2469f6f889eec51a2f9d6981d9f75eb9762b1_amd64, openshift4/ose-egress-dns-proxy@sha256:4628e82e7122adb3d4617ae187e2469f6f889eec51a2f9d6981d9f75eb9762b1_amd64 |
| Red Hat | openshift4/ose-operator-sdk-rhel8@sha256:78d406d7a0d74dd98310b0fe5f10e4f8794cd71070d300abaa7a8d32150699ca_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-operator-sdk-rhel8@sha256:78d406d7a0d74dd98310b0fe5f10e4f8794cd71070d300abaa7a8d32150699ca_amd64, openshift4/ose-operator-sdk-rhel8@sha256:78d406d7a0d74dd98310b0fe5f10e4f8794cd71070d300abaa7a8d32150699ca_amd64, openshift4/ose-operator-sdk-rhel8@sha256:78d406d7a0d74dd98310b0fe5f10e4f8794cd71070d300abaa7a8d32150699ca_amd64 |
…and 319 more
Timeline
- Dec 13, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7690 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-22907 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7690.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory