RHSA-2023%3A7704
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/mtq-operator-rhel9@sha256:4ae532845b716ffe917e5629e5a8030dd9e78c341b2bb9aef21373f74f2809b2_amd64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/mtq-operator-rhel9@sha256:4ae532845b716ffe917e5629e5a8030dd9e78c341b2bb9aef21373f74f2809b2_amd64, * |
| Red Hat | container-native-virtualization/virtio-win-rhel9@sha256:e50708b574d9169cf7ea0dc0abd178cefb34ca2e13cb36a0edb84106bb92bee2_arm64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/virtio-win-rhel9@sha256:e50708b574d9169cf7ea0dc0abd178cefb34ca2e13cb36a0edb84106bb92bee2_arm64, *, container-native-virtualization/virtio-win-rhel9@sha256:e50708b574d9169cf7ea0dc0abd178cefb34ca2e13cb36a0edb84106bb92bee2_arm64 |
| Red Hat | container-native-virtualization/hco-bundle-registry-rhel9@sha256:cf459590e404430fe69ab849d9abd680debbc215aff21eafade3fd3dfa104ed1_amd64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/hco-bundle-registry-rhel9@sha256:cf459590e404430fe69ab849d9abd680debbc215aff21eafade3fd3dfa104ed1_amd64, container-native-virtualization/hco-bundle-registry-rhel9@sha256:cf459590e404430fe69ab849d9abd680debbc215aff21eafade3fd3dfa104ed1_amd64, container-native-virtualization/hco-bundle-registry-rhel9@sha256:cf459590e404430fe69ab849d9abd680debbc215aff21eafade3fd3dfa104ed1_amd64 |
| Red Hat | container-native-virtualization/virt-cdi-importer-rhel9@sha256:0d5b25a35ac1f22b40ce97a1ea9b76f2d75c9e3d96bc6b51c6a1264190297c9e_arm64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/virt-cdi-importer-rhel9@sha256:0d5b25a35ac1f22b40ce97a1ea9b76f2d75c9e3d96bc6b51c6a1264190297c9e_arm64, container-native-virtualization/virt-cdi-importer-rhel9@sha256:0d5b25a35ac1f22b40ce97a1ea9b76f2d75c9e3d96bc6b51c6a1264190297c9e_arm64, container-native-virtualization/virt-cdi-importer-rhel9@sha256:0d5b25a35ac1f22b40ce97a1ea9b76f2d75c9e3d96bc6b51c6a1264190297c9e_arm64 |
| Red Hat | container-native-virtualization/kubevirt-template-validator-rhel9@sha256:773d6e6d83644bd640a534aab30fbab82cdf486ed0b4592387f85397a62bd374_amd64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/kubevirt-template-validator-rhel9@sha256:773d6e6d83644bd640a534aab30fbab82cdf486ed0b4592387f85397a62bd374_amd64, container-native-virtualization/kubevirt-template-validator-rhel9@sha256:773d6e6d83644bd640a534aab30fbab82cdf486ed0b4592387f85397a62bd374_amd64, container-native-virtualization/kubevirt-template-validator-rhel9@sha256:773d6e6d83644bd640a534aab30fbab82cdf486ed0b4592387f85397a62bd374_amd64 |
| Red Hat | container-native-virtualization/virt-exportproxy-rhel9@sha256:f1005c07b2e2d6ed152accd5bafa33f88214937082c43cb5fcc9d7895e3f942f_arm64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/virt-exportproxy-rhel9@sha256:f1005c07b2e2d6ed152accd5bafa33f88214937082c43cb5fcc9d7895e3f942f_arm64, container-native-virtualization/virt-exportproxy-rhel9@sha256:f1005c07b2e2d6ed152accd5bafa33f88214937082c43cb5fcc9d7895e3f942f_arm64, * |
| Red Hat | container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:351fc6af845972da61a843da1f8f8562a90aefee0185409f63cd97558a7145b2_amd64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:351fc6af845972da61a843da1f8f8562a90aefee0185409f63cd97558a7145b2_amd64, container-native-virtualization/virt-cdi-apiserver-rhel9@sha256:351fc6af845972da61a843da1f8f8562a90aefee0185409f63cd97558a7145b2_amd64 |
| Red Hat | container-native-virtualization/kubemacpool-rhel9@sha256:6a09e826c765dcaae515ab4dda1f2aff3a34c3fe5df66b32fdef7807027657d5_amd64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/kubemacpool-rhel9@sha256:6a09e826c765dcaae515ab4dda1f2aff3a34c3fe5df66b32fdef7807027657d5_amd64, container-native-virtualization/kubemacpool-rhel9@sha256:6a09e826c765dcaae515ab4dda1f2aff3a34c3fe5df66b32fdef7807027657d5_amd64, * |
| Red Hat | container-native-virtualization/kubemacpool-rhel9@sha256:36dc46a039352f347554bd214516c8b12f31393f47069e74dee87a8f4f912c83_arm64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/kubemacpool-rhel9@sha256:36dc46a039352f347554bd214516c8b12f31393f47069e74dee87a8f4f912c83_arm64, container-native-virtualization/kubemacpool-rhel9@sha256:36dc46a039352f347554bd214516c8b12f31393f47069e74dee87a8f4f912c83_arm64, container-native-virtualization/kubemacpool-rhel9@sha256:36dc46a039352f347554bd214516c8b12f31393f47069e74dee87a8f4f912c83_arm64 |
| Red Hat | container-native-virtualization/virt-handler-rhel9@sha256:4e41ff90f37cbd8b51e2497c788b2ab778d4c40d4e01110b392645c75f30e5c0_arm64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/virt-handler-rhel9@sha256:4e41ff90f37cbd8b51e2497c788b2ab778d4c40d4e01110b392645c75f30e5c0_arm64, * |
| Red Hat | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:da50b4eda7f24a796cd6a6276ee2dec81ee44fa1e8e0c1460ed8d987ba5ae4bf_amd64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:da50b4eda7f24a796cd6a6276ee2dec81ee44fa1e8e0c1460ed8d987ba5ae4bf_amd64, *, * |
| Red Hat | container-native-virtualization/hyperconverged-cluster-webhook-rhel9@sha256:28595fa16395c26d64787a6468d5952e430c7e86fd49ad966179e364cd496112_arm64 as a component of CNV 4.14 for RHEL 9 | *, *, * |
| Red Hat | container-native-virtualization/virt-launcher-rhel9@sha256:a04403788a1c429c4dbafe34a3f0380b991b0c69af0707d4d13ec9489f2428ce_amd64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/virt-launcher-rhel9@sha256:a04403788a1c429c4dbafe34a3f0380b991b0c69af0707d4d13ec9489f2428ce_amd64, container-native-virtualization/virt-launcher-rhel9@sha256:a04403788a1c429c4dbafe34a3f0380b991b0c69af0707d4d13ec9489f2428ce_amd64 |
| Red Hat | container-native-virtualization/cnv-must-gather-rhel9@sha256:97e54f6948e760e83d1a2cb36fdee7167674d1f23a3ba6fc0a133ca800946552_amd64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/cnv-must-gather-rhel9@sha256:97e54f6948e760e83d1a2cb36fdee7167674d1f23a3ba6fc0a133ca800946552_amd64, container-native-virtualization/cnv-must-gather-rhel9@sha256:97e54f6948e760e83d1a2cb36fdee7167674d1f23a3ba6fc0a133ca800946552_amd64 |
| Red Hat | container-native-virtualization/libguestfs-tools-rhel9@sha256:9e799d8b71b729174467901817772b5960adbe29ade08c84f7abf9a8d90c5fdd_arm64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/libguestfs-tools-rhel9@sha256:9e799d8b71b729174467901817772b5960adbe29ade08c84f7abf9a8d90c5fdd_arm64, container-native-virtualization/libguestfs-tools-rhel9@sha256:9e799d8b71b729174467901817772b5960adbe29ade08c84f7abf9a8d90c5fdd_arm64, container-native-virtualization/libguestfs-tools-rhel9@sha256:9e799d8b71b729174467901817772b5960adbe29ade08c84f7abf9a8d90c5fdd_arm64 |
| Red Hat | container-native-virtualization/mtq-lock-server-rhel9@sha256:a4e288ee324061d5446993a31b9893e3297f31c8788f96e998ee930bacc25bf8_amd64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/mtq-lock-server-rhel9@sha256:a4e288ee324061d5446993a31b9893e3297f31c8788f96e998ee930bacc25bf8_amd64, container-native-virtualization/mtq-lock-server-rhel9@sha256:a4e288ee324061d5446993a31b9893e3297f31c8788f96e998ee930bacc25bf8_amd64, container-native-virtualization/mtq-lock-server-rhel9@sha256:a4e288ee324061d5446993a31b9893e3297f31c8788f96e998ee930bacc25bf8_amd64 |
| Red Hat | container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f3666171ccd500b7049a6a5fd00fd48ede1ab1a35a1bc982da2fa1af5af165c9_arm64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f3666171ccd500b7049a6a5fd00fd48ede1ab1a35a1bc982da2fa1af5af165c9_arm64, container-native-virtualization/cluster-network-addons-operator-rhel9@sha256:f3666171ccd500b7049a6a5fd00fd48ede1ab1a35a1bc982da2fa1af5af165c9_arm64 |
| Red Hat | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:e9ea60893a3f6f2939cbbd7a7c864cacbc81e24a61d200ce2a72f359ce13222c_arm64 as a component of CNV 4.14 for RHEL 9 | container-native-virtualization/multus-dynamic-networks-rhel9@sha256:e9ea60893a3f6f2939cbbd7a7c864cacbc81e24a61d200ce2a72f359ce13222c_arm64, container-native-virtualization/multus-dynamic-networks-rhel9@sha256:e9ea60893a3f6f2939cbbd7a7c864cacbc81e24a61d200ce2a72f359ce13222c_arm64, * |
| Red Hat | container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:4b6c36ac78fa1c93b5296fa83281c0d775e94fe3c261e60cdda0418f163e91a3_arm64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:4b6c36ac78fa1c93b5296fa83281c0d775e94fe3c261e60cdda0418f163e91a3_arm64, container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:4b6c36ac78fa1c93b5296fa83281c0d775e94fe3c261e60cdda0418f163e91a3_arm64 |
| Red Hat | container-native-virtualization/virt-cdi-controller-rhel9@sha256:c309e0be5409b143ba6212915ccdf13c812d646684a6a817baba779f0e645ba2_arm64 as a component of CNV 4.14 for RHEL 9 | *, container-native-virtualization/virt-cdi-controller-rhel9@sha256:c309e0be5409b143ba6212915ccdf13c812d646684a6a817baba779f0e645ba2_arm64, container-native-virtualization/virt-cdi-controller-rhel9@sha256:c309e0be5409b143ba6212915ccdf13c812d646684a6a817baba779f0e645ba2_arm64 |
…and 157 more
Timeline
- Dec 7, 2023 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7704 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2156753 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2223411 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2231479 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237470 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2237877 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2238786 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2238791 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2241658 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2241953 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2242803 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2244869 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2247200 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2247657 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2249846 issue
- https://issues.redhat.com/browse/CNV-31077 advisory
- https://issues.redhat.com/browse/CNV-31675 advisory
…and 30 more