RHSA-2023%3A7703
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-pipelines/pipelines-rhel8-operator@sha256:d9cc7166cb6805307b4d818520f6c768af426d3814d48c67d936f547b5928a6f_amd64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-rhel8-operator@sha256:d9cc7166cb6805307b4d818520f6c768af426d3814d48c67d936f547b5928a6f_amd64, openshift-pipelines/pipelines-rhel8-operator@sha256:d9cc7166cb6805307b4d818520f6c768af426d3814d48c67d936f547b5928a6f_amd64, openshift-pipelines/pipelines-rhel8-operator@sha256:d9cc7166cb6805307b4d818520f6c768af426d3814d48c67d936f547b5928a6f_amd64 |
| Red Hat | openshift-pipelines/pipelines-hub-api-rhel8@sha256:6f37fa6c5dd5723fa6d1916adb34cb16a5851cf89b09eb176d1140b09f61a67a_amd64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-hub-api-rhel8@sha256:6f37fa6c5dd5723fa6d1916adb34cb16a5851cf89b09eb176d1140b09f61a67a_amd64, openshift-pipelines/pipelines-hub-api-rhel8@sha256:6f37fa6c5dd5723fa6d1916adb34cb16a5851cf89b09eb176d1140b09f61a67a_amd64, openshift-pipelines/pipelines-hub-api-rhel8@sha256:6f37fa6c5dd5723fa6d1916adb34cb16a5851cf89b09eb176d1140b09f61a67a_amd64 |
| Red Hat | openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:e7af42c1db2a7e7b3bef6610b2b02205a8502639f1c074853f7722360701cb04_arm64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:e7af42c1db2a7e7b3bef6610b2b02205a8502639f1c074853f7722360701cb04_arm64, openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:e7af42c1db2a7e7b3bef6610b2b02205a8502639f1c074853f7722360701cb04_arm64, openshift-pipelines/pipelines-triggers-controller-rhel8@sha256:e7af42c1db2a7e7b3bef6610b2b02205a8502639f1c074853f7722360701cb04_arm64 |
| Red Hat | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:fb717a9776f71a59df3590ea1ecfe928865c1d30dde524d971e59cc8c7c977b9_arm64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:fb717a9776f71a59df3590ea1ecfe928865c1d30dde524d971e59cc8c7c977b9_arm64, openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:fb717a9776f71a59df3590ea1ecfe928865c1d30dde524d971e59cc8c7c977b9_arm64, * |
| Red Hat | openshift-pipelines/pipelines-entrypoint-rhel8@sha256:f52bbf4f3a978b0a6ae7bc3c5eb0634d4ee33b5daf3a4f3fa9db1b55e6afccc1_s390x as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-entrypoint-rhel8@sha256:f52bbf4f3a978b0a6ae7bc3c5eb0634d4ee33b5daf3a4f3fa9db1b55e6afccc1_s390x, *, openshift-pipelines/pipelines-entrypoint-rhel8@sha256:f52bbf4f3a978b0a6ae7bc3c5eb0634d4ee33b5daf3a4f3fa9db1b55e6afccc1_s390x |
| Red Hat | openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0cf00e26e7cfbf51c59d646a62e1db28040efd19721c1e53aa0204fd1a352d71_s390x as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0cf00e26e7cfbf51c59d646a62e1db28040efd19721c1e53aa0204fd1a352d71_s390x, openshift-pipelines/pipelines-workingdirinit-rhel8@sha256:0cf00e26e7cfbf51c59d646a62e1db28040efd19721c1e53aa0204fd1a352d71_s390x, * |
| Red Hat | openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:eeef43bd829c9e8289edb8b4aafebca84af1c83eefeef708e32450496eda8f1c_arm64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:eeef43bd829c9e8289edb8b4aafebca84af1c83eefeef708e32450496eda8f1c_arm64, *, openshift-pipelines/pipelines-triggers-core-interceptors-rhel8@sha256:eeef43bd829c9e8289edb8b4aafebca84af1c83eefeef708e32450496eda8f1c_arm64 |
| Red Hat | openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:b23b613e53f8d82f808a56636a23f9311077862291bb6d37eec46a01c71522ca_ppc64le as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:b23b613e53f8d82f808a56636a23f9311077862291bb6d37eec46a01c71522ca_ppc64le, *, openshift-pipelines/pipelines-triggers-webhook-rhel8@sha256:b23b613e53f8d82f808a56636a23f9311077862291bb6d37eec46a01c71522ca_ppc64le |
| Red Hat | openshift-pipelines/pipelines-git-init-rhel8@sha256:fcf71347e6d3517a41ffbf30f3cdc2c71e6dc43bf75527abe37d8aa2c8951326_ppc64le as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-git-init-rhel8@sha256:fcf71347e6d3517a41ffbf30f3cdc2c71e6dc43bf75527abe37d8aa2c8951326_ppc64le, openshift-pipelines/pipelines-git-init-rhel8@sha256:fcf71347e6d3517a41ffbf30f3cdc2c71e6dc43bf75527abe37d8aa2c8951326_ppc64le, openshift-pipelines/pipelines-git-init-rhel8@sha256:fcf71347e6d3517a41ffbf30f3cdc2c71e6dc43bf75527abe37d8aa2c8951326_ppc64le |
| Red Hat | openshift-pipelines/pipelines-git-init-rhel8@sha256:d6cf30ecc2c869a290b2019c762ce7d7de4877f02e453bb144cca7a5f520bff6_arm64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-git-init-rhel8@sha256:d6cf30ecc2c869a290b2019c762ce7d7de4877f02e453bb144cca7a5f520bff6_arm64, *, * |
| Red Hat | openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:382c0866f55be9faa809433525c08c285869d906f2a929be564e0ed9bbaeb35c_ppc64le as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-cli-tkn-rhel8@sha256:382c0866f55be9faa809433525c08c285869d906f2a929be564e0ed9bbaeb35c_ppc64le, *, * |
| Red Hat | openshift-pipelines/pipelines-entrypoint-rhel8@sha256:f52bbf4f3a978b0a6ae7bc3c5eb0634d4ee33b5daf3a4f3fa9db1b55e6afccc1_s390x as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-entrypoint-rhel8@sha256:f52bbf4f3a978b0a6ae7bc3c5eb0634d4ee33b5daf3a4f3fa9db1b55e6afccc1_s390x, *, * |
| Red Hat | openshift-pipelines/pipelines-pullrequest-init-rhel8@sha256:bcc488aa0e38847d242bd1bce52a3866d1c350b763f348be9d38c2fe7a503a4e_ppc64le as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-pullrequest-init-rhel8@sha256:bcc488aa0e38847d242bd1bce52a3866d1c350b763f348be9d38c2fe7a503a4e_ppc64le, openshift-pipelines/pipelines-pullrequest-init-rhel8@sha256:bcc488aa0e38847d242bd1bce52a3866d1c350b763f348be9d38c2fe7a503a4e_ppc64le, openshift-pipelines/pipelines-pullrequest-init-rhel8@sha256:bcc488aa0e38847d242bd1bce52a3866d1c350b763f348be9d38c2fe7a503a4e_ppc64le |
| Red Hat | openshift-pipelines/pipelines-chains-controller-rhel8@sha256:8fefa9f58b08005d8f9f11c722d220062766ee08f96d45151909adb09abda056_amd64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | *, *, openshift-pipelines/pipelines-chains-controller-rhel8@sha256:8fefa9f58b08005d8f9f11c722d220062766ee08f96d45151909adb09abda056_amd64 |
| Red Hat | openshift-pipelines/pipelines-rhel8-operator@sha256:cf4f19f4fc59790e85fced0b80835d8c9cb9ed401ba7a8dcbce4de4c443932db_arm64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-rhel8-operator@sha256:cf4f19f4fc59790e85fced0b80835d8c9cb9ed401ba7a8dcbce4de4c443932db_arm64, *, * |
| Red Hat | openshift-pipelines/pipelines-rhel8-operator@sha256:9ff683f9a3a7b169db29597334eaea9ae3c3b5646481daa13b0da6ec7c39d0a8_ppc64le as a component of OpenShift Pipelines version 1.10 for RHEL 8 | *, *, openshift-pipelines/pipelines-rhel8-operator@sha256:9ff683f9a3a7b169db29597334eaea9ae3c3b5646481daa13b0da6ec7c39d0a8_ppc64le |
| Red Hat | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64, openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64, * |
| Red Hat | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64, openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64, openshift-pipelines/pipelines-operator-proxy-rhel8@sha256:63c98fc0433535be839093fd0f3800500f84069229dcb33d0eab11a5a53dce2b_amd64 |
| Red Hat | openshift-pipelines/pipelines-hub-db-migration-rhel8@sha256:bb8dd2af0b4c223878522730f8b42e944f73226c114b2c4779401ff40c45e56b_amd64 as a component of OpenShift Pipelines version 1.10 for RHEL 8 | *, *, * |
| Red Hat | openshift-pipelines/pipelines-imagedigestexporter-rhel8@sha256:ff40308749c5e5c25ec78bedd7558f76877452fffd65821c4322817bb97348e5_s390x as a component of OpenShift Pipelines version 1.10 for RHEL 8 | openshift-pipelines/pipelines-imagedigestexporter-rhel8@sha256:ff40308749c5e5c25ec78bedd7558f76877452fffd65821c4322817bb97348e5_s390x, openshift-pipelines/pipelines-imagedigestexporter-rhel8@sha256:ff40308749c5e5c25ec78bedd7558f76877452fffd65821c4322817bb97348e5_s390x, openshift-pipelines/pipelines-imagedigestexporter-rhel8@sha256:ff40308749c5e5c25ec78bedd7558f76877452fffd65821c4322817bb97348e5_s390x |
…and 173 more
Timeline
- Dec 7, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7703 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/SRVKP-3609 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2023/rhsa-2023_7703.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-44487 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-44487 advisory
- https://github.com/dotnet/announcements/issues/277 advisory
- https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/ advisory
- https://www.cisa.gov/known-exploited-vulnerabilities-catalog exploit