RHSA-2024%3A0642
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:e58075b8c9d3f3fb587e227b501f3e62fb3164e04c360dfd17f1dc6b6d5c5c67_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:e58075b8c9d3f3fb587e227b501f3e62fb3164e04c360dfd17f1dc6b6d5c5c67_amd64, *, openshift4/ose-cluster-node-tuning-rhel9-operator@sha256:e58075b8c9d3f3fb587e227b501f3e62fb3164e04c360dfd17f1dc6b6d5c5c67_amd64 |
| Red Hat | openshift4/ose-csi-external-resizer-rhel8@sha256:64b80850a6cbee0be9803b63774855fce344a4d669404a8c6698f87c5ac5494f_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-csi-external-resizer-rhel8@sha256:64b80850a6cbee0be9803b63774855fce344a4d669404a8c6698f87c5ac5494f_arm64, openshift4/ose-csi-external-resizer-rhel8@sha256:64b80850a6cbee0be9803b63774855fce344a4d669404a8c6698f87c5ac5494f_arm64 |
| Red Hat | rhcos@sha256:58fc20d41678df312fd4280ad5d39c6f14626fe6872ee619f208f853ff568302_s390x as a component of Red Hat OpenShift Container Platform 4.14 | rhcos@sha256:58fc20d41678df312fd4280ad5d39c6f14626fe6872ee619f208f853ff568302_s390x, rhcos@sha256:58fc20d41678df312fd4280ad5d39c6f14626fe6872ee619f208f853ff568302_s390x, rhcos@sha256:58fc20d41678df312fd4280ad5d39c6f14626fe6872ee619f208f853ff568302_s390x |
| Red Hat | openshift4/openshift-route-controller-manager-rhel8@sha256:09686eac1b625f6c58c38331541d79d8a4769fd35277e00d43f1cbfc06b0d19e_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/openshift-route-controller-manager-rhel8@sha256:09686eac1b625f6c58c38331541d79d8a4769fd35277e00d43f1cbfc06b0d19e_s390x, openshift4/openshift-route-controller-manager-rhel8@sha256:09686eac1b625f6c58c38331541d79d8a4769fd35277e00d43f1cbfc06b0d19e_s390x, openshift4/openshift-route-controller-manager-rhel8@sha256:09686eac1b625f6c58c38331541d79d8a4769fd35277e00d43f1cbfc06b0d19e_s390x |
| Red Hat | openshift4/ose-ovn-kubernetes-rhel9@sha256:6220c898c05f6eeb0abc18c14d380c50e1e6a5ca0e12508c811c0e00bbef96a8_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-ovn-kubernetes-rhel9@sha256:6220c898c05f6eeb0abc18c14d380c50e1e6a5ca0e12508c811c0e00bbef96a8_amd64, openshift4/ose-ovn-kubernetes-rhel9@sha256:6220c898c05f6eeb0abc18c14d380c50e1e6a5ca0e12508c811c0e00bbef96a8_amd64 |
| Red Hat | openshift4/oc-mirror-plugin-rhel8@sha256:a8ba802b95e3f65b56041a70d36b614863802cce37e550ff726f763edee29bc5_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/oc-mirror-plugin-rhel8@sha256:a8ba802b95e3f65b56041a70d36b614863802cce37e550ff726f763edee29bc5_arm64, openshift4/oc-mirror-plugin-rhel8@sha256:a8ba802b95e3f65b56041a70d36b614863802cce37e550ff726f763edee29bc5_arm64 |
| Red Hat | openshift4/ose-keepalived-ipfailover@sha256:3c239391479f3c387a03f87d64fd64a53d34564a203c7c70ff0463d4ede3cfcd_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-keepalived-ipfailover@sha256:3c239391479f3c387a03f87d64fd64a53d34564a203c7c70ff0463d4ede3cfcd_amd64, openshift4/ose-keepalived-ipfailover@sha256:3c239391479f3c387a03f87d64fd64a53d34564a203c7c70ff0463d4ede3cfcd_amd64 |
| Red Hat | openshift4/ose-oauth-server-rhel8@sha256:64d4440b4c638608d0fb882d9226470a1bbf15dbe5607a7f636a1e261b96193d_amd64 as a component of Red Hat OpenShift Container Platform 4.14 | *, *, openshift4/ose-oauth-server-rhel8@sha256:64d4440b4c638608d0fb882d9226470a1bbf15dbe5607a7f636a1e261b96193d_amd64 |
| Red Hat | openshift4/ose-kube-state-metrics@sha256:5eb8e21c85673026ad78219c924b0a42418ab437663d44d6f5b445edefad26c5_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-kube-state-metrics@sha256:5eb8e21c85673026ad78219c924b0a42418ab437663d44d6f5b445edefad26c5_s390x, *, * |
| Red Hat | openshift4/ose-baremetal-rhel8-operator@sha256:fc6d11753f72c4da2f7f700d5202b789c2b3a18301e460f2385fa9056a149465_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-baremetal-rhel8-operator@sha256:fc6d11753f72c4da2f7f700d5202b789c2b3a18301e460f2385fa9056a149465_ppc64le, *, * |
| Red Hat | openshift4/ose-operator-marketplace@sha256:fe43838aa24419bac0d1459db427d20502ddfddf2c7af208f76d31711c9aa057_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-operator-marketplace@sha256:fe43838aa24419bac0d1459db427d20502ddfddf2c7af208f76d31711c9aa057_arm64, * |
| Red Hat | openshift4/ose-agent-installer-orchestrator-rhel8@sha256:8d48aeb6c5b32831fe30e68f1a77f04359a161714e15f583b182306a680cde39_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-agent-installer-orchestrator-rhel8@sha256:8d48aeb6c5b32831fe30e68f1a77f04359a161714e15f583b182306a680cde39_s390x, openshift4/ose-agent-installer-orchestrator-rhel8@sha256:8d48aeb6c5b32831fe30e68f1a77f04359a161714e15f583b182306a680cde39_s390x, * |
| Red Hat | openshift4/driver-toolkit-rhel9@sha256:01fd25dae5a3868364640e9eb3d1fb0494fc8473d4f5e037463fe0b3b36999f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | *, *, * |
| Red Hat | openshift4/ose-k8s-prometheus-adapter@sha256:ef2a7455dfa69efc46ccf08fc69235dcb0a8d3980fa86db198aa4759390533d1_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-k8s-prometheus-adapter@sha256:ef2a7455dfa69efc46ccf08fc69235dcb0a8d3980fa86db198aa4759390533d1_s390x, *, openshift4/ose-k8s-prometheus-adapter@sha256:ef2a7455dfa69efc46ccf08fc69235dcb0a8d3980fa86db198aa4759390533d1_s390x |
| Red Hat | openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:60aaf764966650fc8df0e1df16e843419ff6d16872e8a6543b16ac29dfa1573b_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:60aaf764966650fc8df0e1df16e843419ff6d16872e8a6543b16ac29dfa1573b_s390x, *, openshift4/ose-prometheus-operator-admission-webhook-rhel8@sha256:60aaf764966650fc8df0e1df16e843419ff6d16872e8a6543b16ac29dfa1573b_s390x |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:144e5b178dd7953f901c855b4cae7b0ce3671e161a15ca775030f75d6c140856_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-ovn-kubernetes@sha256:144e5b178dd7953f901c855b4cae7b0ce3671e161a15ca775030f75d6c140856_ppc64le, *, * |
| Red Hat | openshift4/ose-prometheus-alertmanager@sha256:00c9a04ec32aac62c3c29c17b99662b0a21145af65c090e0ea8a03694e1a6a6d_arm64 as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-prometheus-alertmanager@sha256:00c9a04ec32aac62c3c29c17b99662b0a21145af65c090e0ea8a03694e1a6a6d_arm64, openshift4/ose-prometheus-alertmanager@sha256:00c9a04ec32aac62c3c29c17b99662b0a21145af65c090e0ea8a03694e1a6a6d_arm64 |
| Red Hat | openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:d34ce17f83e5ca28e4530855fb4a5b2be45f2262764d47004076c1cacf0d5328_s390x as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:d34ce17f83e5ca28e4530855fb4a5b2be45f2262764d47004076c1cacf0d5328_s390x, *, openshift4/ose-ibmcloud-cluster-api-controllers-rhel8@sha256:d34ce17f83e5ca28e4530855fb4a5b2be45f2262764d47004076c1cacf0d5328_s390x |
| Red Hat | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:4ae54c3c767162894d9a85652ba9a685e0c48824412bacd5ca1b11deb967b57f_ppc64le as a component of Red Hat OpenShift Container Platform 4.14 | openshift4/ose-machine-api-provider-openstack-rhel8@sha256:4ae54c3c767162894d9a85652ba9a685e0c48824412bacd5ca1b11deb967b57f_ppc64le, openshift4/ose-machine-api-provider-openstack-rhel8@sha256:4ae54c3c767162894d9a85652ba9a685e0c48824412bacd5ca1b11deb967b57f_ppc64le, openshift4/ose-machine-api-provider-openstack-rhel8@sha256:4ae54c3c767162894d9a85652ba9a685e0c48824412bacd5ca1b11deb967b57f_ppc64le |
| Red Hat | openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:30c27fb68e61a55c0b6af835a706b82900576de8b07e6706b52839d222ce7a8a_s390x as a component of Red Hat OpenShift Container Platform 4.14 | *, openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:30c27fb68e61a55c0b6af835a706b82900576de8b07e6706b52839d222ce7a8a_s390x, openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:30c27fb68e61a55c0b6af835a706b82900576de8b07e6706b52839d222ce7a8a_s390x |
…and 1346 more
Timeline
- Feb 7, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:0642 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2251198 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258143 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258165 issue
- https://issues.redhat.com/browse/OCPBUGS-11385 advisory
- https://issues.redhat.com/browse/OCPBUGS-21795 advisory
- https://issues.redhat.com/browse/OCPBUGS-21812 advisory
- https://issues.redhat.com/browse/OCPBUGS-22315 advisory
- https://issues.redhat.com/browse/OCPBUGS-23395 advisory
- https://issues.redhat.com/browse/OCPBUGS-23498 advisory
- https://issues.redhat.com/browse/OCPBUGS-23500 advisory
- https://issues.redhat.com/browse/OCPBUGS-23738 advisory
- https://issues.redhat.com/browse/OCPBUGS-24307 advisory
- https://issues.redhat.com/browse/OCPBUGS-24315 advisory
- https://issues.redhat.com/browse/OCPBUGS-24401 advisory
- https://issues.redhat.com/browse/OCPBUGS-24423 advisory
- https://issues.redhat.com/browse/OCPBUGS-24521 advisory
…and 52 more