RHSA-2024%3A0766
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64, openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64, * |
| Red Hat | openshift4/ose-aws-efs-csi-driver-operator-bundle@sha256:b7dcc39a068b4b706b36307b255b3997001bd93f403449496dee27edd19fb4ab_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-aws-efs-csi-driver-operator-bundle@sha256:b7dcc39a068b4b706b36307b255b3997001bd93f403449496dee27edd19fb4ab_amd64, openshift4/ose-aws-efs-csi-driver-operator-bundle@sha256:b7dcc39a068b4b706b36307b255b3997001bd93f403449496dee27edd19fb4ab_amd64, openshift4/ose-aws-efs-csi-driver-operator-bundle@sha256:b7dcc39a068b4b706b36307b255b3997001bd93f403449496dee27edd19fb4ab_amd64 |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:7b5d1d62057e450200fb37baf3d4f4111e7738bc3029c735e6de5b1b0710fed8_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ptp-rhel9-operator@sha256:7b5d1d62057e450200fb37baf3d4f4111e7738bc3029c735e6de5b1b0710fed8_arm64, openshift4/ose-ptp-rhel9-operator@sha256:7b5d1d62057e450200fb37baf3d4f4111e7738bc3029c735e6de5b1b0710fed8_arm64, openshift4/ose-ptp-rhel9-operator@sha256:7b5d1d62057e450200fb37baf3d4f4111e7738bc3029c735e6de5b1b0710fed8_arm64 |
| Red Hat | openshift4/ose-vertical-pod-autoscaler-operator-metadata@sha256:451dcb081b95927c895f69b784cc4d29c2c0075368acc38c99fa09234d191ad0_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-vertical-pod-autoscaler-operator-metadata@sha256:451dcb081b95927c895f69b784cc4d29c2c0075368acc38c99fa09234d191ad0_amd64, openshift4/ose-vertical-pod-autoscaler-operator-metadata@sha256:451dcb081b95927c895f69b784cc4d29c2c0075368acc38c99fa09234d191ad0_amd64, openshift4/ose-vertical-pod-autoscaler-operator-metadata@sha256:451dcb081b95927c895f69b784cc4d29c2c0075368acc38c99fa09234d191ad0_amd64 |
| Red Hat | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:f7d7c1376a89e246f09e9d8beb4b65c14d12dd072638b226b780f4abe1f45d99_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-aws-efs-csi-driver-rhel8-operator@sha256:f7d7c1376a89e246f09e9d8beb4b65c14d12dd072638b226b780f4abe1f45d99_arm64, *, * |
| Red Hat | openshift4/ose-clusterresourceoverride-operator-bundle@sha256:94e5af0c9d1caea39256063cdbc089bac09d743a9c0b14d403643c5a55af3d9e_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-secrets-store-csi-driver-operator-bundle@sha256:ff57e48dbd3e1ea53866839482720c83ec1004ee550546021e02ffeb6ddc03a5_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-secrets-store-csi-driver-operator-bundle@sha256:ff57e48dbd3e1ea53866839482720c83ec1004ee550546021e02ffeb6ddc03a5_amd64, openshift4/ose-secrets-store-csi-driver-operator-bundle@sha256:ff57e48dbd3e1ea53866839482720c83ec1004ee550546021e02ffeb6ddc03a5_amd64, * |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:52f97b60aace7aaaa22b5a790c56261dd2ab2d9396b80499ed3985906167f80f_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:52f97b60aace7aaaa22b5a790c56261dd2ab2d9396b80499ed3985906167f80f_arm64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:52f97b60aace7aaaa22b5a790c56261dd2ab2d9396b80499ed3985906167f80f_arm64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:52f97b60aace7aaaa22b5a790c56261dd2ab2d9396b80499ed3985906167f80f_arm64 |
| Red Hat | openshift4/kubernetes-nmstate-operator-bundle@sha256:311a354ab15895b2ba12b17046aedcc4cd95f384969a74d6decf45ee36875fb1_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/kubernetes-nmstate-operator-bundle@sha256:311a354ab15895b2ba12b17046aedcc4cd95f384969a74d6decf45ee36875fb1_amd64, openshift4/kubernetes-nmstate-operator-bundle@sha256:311a354ab15895b2ba12b17046aedcc4cd95f384969a74d6decf45ee36875fb1_amd64, * |
| Red Hat | openshift4/ose-metallb-operator-bundle@sha256:91d9f032a45c619dfc3ab1110b331a80b746c5547096a9e8f26e1ab0f0dce6ac_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-metallb-operator-bundle@sha256:91d9f032a45c619dfc3ab1110b331a80b746c5547096a9e8f26e1ab0f0dce6ac_amd64, openshift4/ose-metallb-operator-bundle@sha256:91d9f032a45c619dfc3ab1110b331a80b746c5547096a9e8f26e1ab0f0dce6ac_amd64, openshift4/ose-metallb-operator-bundle@sha256:91d9f032a45c619dfc3ab1110b331a80b746c5547096a9e8f26e1ab0f0dce6ac_amd64 |
| Red Hat | openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64, openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64, openshift4/ose-gcp-filestore-csi-driver-operator-bundle@sha256:ca0381b535092e1b260a5f4b37b0401eb24f704ed1f33f38ab43d69ed6784e0a_amd64 |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:23c0816967bb826b4885b5104b584634a76b81d10d1a623f51605023aa8c7fa6_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ptp-rhel9-operator@sha256:23c0816967bb826b4885b5104b584634a76b81d10d1a623f51605023aa8c7fa6_amd64, *, openshift4/ose-ptp-rhel9-operator@sha256:23c0816967bb826b4885b5104b584634a76b81d10d1a623f51605023aa8c7fa6_amd64 |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:7b5d1d62057e450200fb37baf3d4f4111e7738bc3029c735e6de5b1b0710fed8_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ptp-rhel9-operator@sha256:7b5d1d62057e450200fb37baf3d4f4111e7738bc3029c735e6de5b1b0710fed8_arm64, *, * |
| Red Hat | openshift4/ose-sriov-network-operator-bundle@sha256:805228e933414ee055fb3d733c6f270f29ac259b36288a8b3c6181f4a94329cc_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-sriov-network-operator-bundle@sha256:805228e933414ee055fb3d733c6f270f29ac259b36288a8b3c6181f4a94329cc_amd64, openshift4/ose-sriov-network-operator-bundle@sha256:805228e933414ee055fb3d733c6f270f29ac259b36288a8b3c6181f4a94329cc_amd64, openshift4/ose-sriov-network-operator-bundle@sha256:805228e933414ee055fb3d733c6f270f29ac259b36288a8b3c6181f4a94329cc_amd64 |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:af40b6ea728a0ab474a53509ba4d944133d1f70710ce99816658ce30ada3f88c_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | *, *, * |
| Red Hat | openshift4/ose-cloud-event-proxy-rhel9@sha256:3905aee5836e2ce3b9572f5946731329b9b3a31a87e2dd61598ea93053c67918_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cloud-event-proxy-rhel9@sha256:3905aee5836e2ce3b9572f5946731329b9b3a31a87e2dd61598ea93053c67918_arm64, *, openshift4/ose-cloud-event-proxy-rhel9@sha256:3905aee5836e2ce3b9572f5946731329b9b3a31a87e2dd61598ea93053c67918_arm64 |
| Red Hat | openshift4/ose-cluster-nfd-operator-bundle@sha256:f088af61fabb1c5dd221eb5815a8a0f5dda36805356a642077a0f37efb5cc272_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-nfd-operator-bundle@sha256:f088af61fabb1c5dd221eb5815a8a0f5dda36805356a642077a0f37efb5cc272_amd64, openshift4/ose-cluster-nfd-operator-bundle@sha256:f088af61fabb1c5dd221eb5815a8a0f5dda36805356a642077a0f37efb5cc272_amd64, openshift4/ose-cluster-nfd-operator-bundle@sha256:f088af61fabb1c5dd221eb5815a8a0f5dda36805356a642077a0f37efb5cc272_amd64 |
| Red Hat | openshift4/kubernetes-nmstate-operator-bundle@sha256:311a354ab15895b2ba12b17046aedcc4cd95f384969a74d6decf45ee36875fb1_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/kubernetes-nmstate-operator-bundle@sha256:311a354ab15895b2ba12b17046aedcc4cd95f384969a74d6decf45ee36875fb1_amd64, *, openshift4/kubernetes-nmstate-operator-bundle@sha256:311a354ab15895b2ba12b17046aedcc4cd95f384969a74d6decf45ee36875fb1_amd64 |
| Red Hat | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:76b89600c2cbe4f15de39caa3343fd7156a9f0422f46e768c3b2c5ce01919497_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:76b89600c2cbe4f15de39caa3343fd7156a9f0422f46e768c3b2c5ce01919497_amd64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:76b89600c2cbe4f15de39caa3343fd7156a9f0422f46e768c3b2c5ce01919497_amd64, openshift4/ose-aws-efs-csi-driver-container-rhel8@sha256:76b89600c2cbe4f15de39caa3343fd7156a9f0422f46e768c3b2c5ce01919497_amd64 |
| Red Hat | openshift4/ose-ptp-rhel9-operator@sha256:23c0816967bb826b4885b5104b584634a76b81d10d1a623f51605023aa8c7fa6_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, *, openshift4/ose-ptp-rhel9-operator@sha256:23c0816967bb826b4885b5104b584634a76b81d10d1a623f51605023aa8c7fa6_amd64 |
…and 28 more
Timeline
- Feb 28, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:0766 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2251198 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2254210 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0766.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://access.redhat.com/security/cve/CVE-2023-45142 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45142 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45142 advisory
- https://github.com/open-telemetry/opentelemetry-go-contrib/security/advisories/GHSA-rcjv-mgp8-qvmr advisory
- https://access.redhat.com/security/cve/CVE-2023-47108 advisory
…and 8 more