RHSA-2023%3A7831
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-installer@sha256:9ff299b9a0d0ab0e1f8a9dee7665913fd75b0ea1aeca645cf79f583ea7a9a64e_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-installer@sha256:9ff299b9a0d0ab0e1f8a9dee7665913fd75b0ea1aeca645cf79f583ea7a9a64e_arm64, openshift4/ose-installer@sha256:9ff299b9a0d0ab0e1f8a9dee7665913fd75b0ea1aeca645cf79f583ea7a9a64e_arm64 |
| Red Hat | rhcos@sha256:c63c7862ff0cfcc00e91ae6c4d10270e5044c5dc31d4f380ff357a6f7369f849_x86_64 as a component of Red Hat OpenShift Container Platform 4.14 | *, *, rhcos@sha256:c63c7862ff0cfcc00e91ae6c4d10270e5044c5dc31d4f380ff357a6f7369f849_x86_64 |
| Red Hat | openshift4/ose-installer@sha256:3594ff65c1f719d381dc980987ac6c35646f275678dd7fe1d1067f6105fce0aa_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-installer@sha256:3594ff65c1f719d381dc980987ac6c35646f275678dd7fe1d1067f6105fce0aa_amd64, *, * |
| Red Hat | openshift4/ose-telemeter@sha256:da9378f0f0ec61e3f30433691bb5a9e6b703cb0a521346af2a4cd973f9853103_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-telemeter@sha256:da9378f0f0ec61e3f30433691bb5a9e6b703cb0a521346af2a4cd973f9853103_ppc64le, openshift4/ose-telemeter@sha256:da9378f0f0ec61e3f30433691bb5a9e6b703cb0a521346af2a4cd973f9853103_ppc64le |
| Red Hat | openshift4/ose-sdn-rhel8@sha256:1cee8dde41fdcaa6ec80f84524269343266e617a2e183a7d48154412ab24d770_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-sdn-rhel8@sha256:1cee8dde41fdcaa6ec80f84524269343266e617a2e183a7d48154412ab24d770_amd64, openshift4/ose-sdn-rhel8@sha256:1cee8dde41fdcaa6ec80f84524269343266e617a2e183a7d48154412ab24d770_amd64 |
| Red Hat | openshift4/ose-powervs-block-csi-driver-rhel8@sha256:227e7506c5b4f6808aed625382a3a0d2e5682ca83dda9042151d8b7a07ec7fd2_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-powervs-block-csi-driver-rhel8@sha256:227e7506c5b4f6808aed625382a3a0d2e5682ca83dda9042151d8b7a07ec7fd2_amd64 |
| Red Hat | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:55639301a0de61e13ca93c81e1777858a321ba44b7b49c76e06b32700b5bd9f4_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-machine-api-provider-openstack-rhel8@sha256:55639301a0de61e13ca93c81e1777858a321ba44b7b49c76e06b32700b5bd9f4_ppc64le, * |
| Red Hat | rhcos@sha256:c63c7862ff0cfcc00e91ae6c4d10270e5044c5dc31d4f380ff357a6f7369f849_x86_64 as a component of Red Hat OpenShift Container Platform 4.14 | rhcos@sha256:c63c7862ff0cfcc00e91ae6c4d10270e5044c5dc31d4f380ff357a6f7369f849_x86_64, rhcos@sha256:c63c7862ff0cfcc00e91ae6c4d10270e5044c5dc31d4f380ff357a6f7369f849_x86_64, * |
| Red Hat | openshift4/ose-installer-artifacts@sha256:69d1175a1aa3643253c9961dfa09b770a1293181cad3b54415052c5afa528930_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-installer-artifacts@sha256:69d1175a1aa3643253c9961dfa09b770a1293181cad3b54415052c5afa528930_arm64, openshift4/ose-installer-artifacts@sha256:69d1175a1aa3643253c9961dfa09b770a1293181cad3b54415052c5afa528930_arm64, * |
| Red Hat | openshift4/ose-agent-installer-api-server-rhel8@sha256:49e4f23b436aacca68dfd65f9556ef44d22d29fa244077267bd8c1e81354f462_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-agent-installer-api-server-rhel8@sha256:49e4f23b436aacca68dfd65f9556ef44d22d29fa244077267bd8c1e81354f462_s390x, openshift4/ose-agent-installer-api-server-rhel8@sha256:49e4f23b436aacca68dfd65f9556ef44d22d29fa244077267bd8c1e81354f462_s390x, openshift4/ose-agent-installer-api-server-rhel8@sha256:49e4f23b436aacca68dfd65f9556ef44d22d29fa244077267bd8c1e81354f462_s390x |
| Red Hat | openshift4/ose-installer-artifacts@sha256:0636750c6fd295a0999340016e23d4674d42d388a9057ccdbcd5e2fe336f06db_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-installer-artifacts@sha256:0636750c6fd295a0999340016e23d4674d42d388a9057ccdbcd5e2fe336f06db_amd64, openshift4/ose-installer-artifacts@sha256:0636750c6fd295a0999340016e23d4674d42d388a9057ccdbcd5e2fe336f06db_amd64, openshift4/ose-installer-artifacts@sha256:0636750c6fd295a0999340016e23d4674d42d388a9057ccdbcd5e2fe336f06db_amd64 |
| Red Hat | openshift4/ose-cluster-network-operator@sha256:b2841953d4a77d05f3ef7ff2ffec64701ca9da942e694de292a68b5c9002ea20_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-cluster-network-operator@sha256:b2841953d4a77d05f3ef7ff2ffec64701ca9da942e694de292a68b5c9002ea20_ppc64le |
| Red Hat | openshift4/ose-installer-artifacts@sha256:cdaf3811a7d0575c6c56b382cae735a4f7ccc66b373deae21cd79510ae02e688_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-installer-artifacts@sha256:cdaf3811a7d0575c6c56b382cae735a4f7ccc66b373deae21cd79510ae02e688_ppc64le, *, openshift4/ose-installer-artifacts@sha256:cdaf3811a7d0575c6c56b382cae735a4f7ccc66b373deae21cd79510ae02e688_ppc64le |
| Red Hat | openshift4/ose-telemeter@sha256:d100636976716b2c96dc7f5d3191f26f2c7055b7182c36c53473ace86182189e_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-telemeter@sha256:d100636976716b2c96dc7f5d3191f26f2c7055b7182c36c53473ace86182189e_amd64, *, * |
| Red Hat | openshift4/ose-console@sha256:6b3e6cf90e97a6338f3b5315a1715207e5fd7f52d11af837010234f4d297f483_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-console@sha256:6b3e6cf90e97a6338f3b5315a1715207e5fd7f52d11af837010234f4d297f483_arm64, openshift4/ose-console@sha256:6b3e6cf90e97a6338f3b5315a1715207e5fd7f52d11af837010234f4d297f483_arm64, * |
| Red Hat | openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:e2ba4413af0d647711f7429a62f6798f8fa7918929e8b91e0c9f32cec2448dd4_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-powervs-cloud-controller-manager-rhel8@sha256:e2ba4413af0d647711f7429a62f6798f8fa7918929e8b91e0c9f32cec2448dd4_ppc64le |
| Red Hat | openshift4/ose-sdn-rhel8@sha256:1cee8dde41fdcaa6ec80f84524269343266e617a2e183a7d48154412ab24d770_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-sdn-rhel8@sha256:1cee8dde41fdcaa6ec80f84524269343266e617a2e183a7d48154412ab24d770_amd64, openshift4/ose-sdn-rhel8@sha256:1cee8dde41fdcaa6ec80f84524269343266e617a2e183a7d48154412ab24d770_amd64, * |
| Red Hat | openshift4/ose-console-operator@sha256:0b40a2ea8aeae0de82015100f15696766034c9bf6b763f65f6519f416365f567_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-console-operator@sha256:0b40a2ea8aeae0de82015100f15696766034c9bf6b763f65f6519f416365f567_arm64, openshift4/ose-console-operator@sha256:0b40a2ea8aeae0de82015100f15696766034c9bf6b763f65f6519f416365f567_arm64, openshift4/ose-console-operator@sha256:0b40a2ea8aeae0de82015100f15696766034c9bf6b763f65f6519f416365f567_arm64 |
| Red Hat | openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8@sha256:c2fde945ab61dd02a81102af3917a4c25759618afda5af650626e4c45015daa6_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-vmware-vsphere-csi-driver-operator-rhel8@sha256:c2fde945ab61dd02a81102af3917a4c25759618afda5af650626e4c45015daa6_amd64, *, * |
| Red Hat | openshift4/ose-console@sha256:647563ddc17694e3815b939bf7b3d3fcf16917cd960f9d2b5d97fc85613d07df_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-console@sha256:647563ddc17694e3815b939bf7b3d3fcf16917cd960f9d2b5d97fc85613d07df_ppc64le, *, * |
…and 279 more
Timeline
- Jan 3, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 21, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2023:7831 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2251198 issue
- https://issues.redhat.com/browse/OCPBUGS-18438 advisory
- https://issues.redhat.com/browse/OCPBUGS-22240 advisory
- https://issues.redhat.com/browse/OCPBUGS-22776 advisory
- https://issues.redhat.com/browse/OCPBUGS-22978 advisory
- https://issues.redhat.com/browse/OCPBUGS-23169 advisory
- https://issues.redhat.com/browse/OCPBUGS-23202 advisory
- https://issues.redhat.com/browse/OCPBUGS-23371 advisory
- https://issues.redhat.com/browse/OCPBUGS-23387 advisory
- https://issues.redhat.com/browse/OCPBUGS-23399 advisory
- https://issues.redhat.com/browse/OCPBUGS-24047 advisory
- https://issues.redhat.com/browse/OCPBUGS-24197 advisory
- https://issues.redhat.com/browse/OCPBUGS-24209 advisory
- https://issues.redhat.com/browse/OCPBUGS-24254 advisory
- https://issues.redhat.com/browse/OCPBUGS-24269 advisory
…and 26 more