RHSA-2024%3A0833
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-kube-apiserver-operator@sha256:11f96f703bbe324922b9a7d800e82a01d83a76e7da5ec081c69742a484b45c3e_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-kube-apiserver-operator@sha256:11f96f703bbe324922b9a7d800e82a01d83a76e7da5ec081c69742a484b45c3e_amd64, openshift4/ose-cluster-kube-apiserver-operator@sha256:11f96f703bbe324922b9a7d800e82a01d83a76e7da5ec081c69742a484b45c3e_amd64, openshift4/ose-cluster-kube-apiserver-operator@sha256:11f96f703bbe324922b9a7d800e82a01d83a76e7da5ec081c69742a484b45c3e_amd64 |
| Red Hat | openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:05ebce79c3fc20794ab07a534f3b5ae8a1b435629bc0631dcc8861e5d3927258_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:05ebce79c3fc20794ab07a534f3b5ae8a1b435629bc0631dcc8861e5d3927258_arm64, openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:05ebce79c3fc20794ab07a534f3b5ae8a1b435629bc0631dcc8861e5d3927258_arm64, openshift4/ose-cluster-platform-operators-manager-rhel8@sha256:05ebce79c3fc20794ab07a534f3b5ae8a1b435629bc0631dcc8861e5d3927258_arm64 |
| Red Hat | openshift4/ose-apiserver-network-proxy-rhel8@sha256:317809553ae0e9b32cb17dd96136ac9169f68aac96e2fa32979b27cae648047e_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-apiserver-network-proxy-rhel8@sha256:317809553ae0e9b32cb17dd96136ac9169f68aac96e2fa32979b27cae648047e_s390x, openshift4/ose-apiserver-network-proxy-rhel8@sha256:317809553ae0e9b32cb17dd96136ac9169f68aac96e2fa32979b27cae648047e_s390x, * |
| Red Hat | openshift4/ose-oauth-apiserver-rhel8@sha256:e5cac3af0091c7ec58ef73d0be6a4440b2c49002e3958fc2f45b9e69c169772b_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-oauth-apiserver-rhel8@sha256:e5cac3af0091c7ec58ef73d0be6a4440b2c49002e3958fc2f45b9e69c169772b_ppc64le, openshift4/ose-oauth-apiserver-rhel8@sha256:e5cac3af0091c7ec58ef73d0be6a4440b2c49002e3958fc2f45b9e69c169772b_ppc64le, openshift4/ose-oauth-apiserver-rhel8@sha256:e5cac3af0091c7ec58ef73d0be6a4440b2c49002e3958fc2f45b9e69c169772b_ppc64le |
| Red Hat | openshift4/ose-tests@sha256:c5c8160ff39c07250d62d8416fd3b5613eb696bf40cb505d9e118968d9c7cd1c_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-tests@sha256:c5c8160ff39c07250d62d8416fd3b5613eb696bf40cb505d9e118968d9c7cd1c_ppc64le, openshift4/ose-tests@sha256:c5c8160ff39c07250d62d8416fd3b5613eb696bf40cb505d9e118968d9c7cd1c_ppc64le, openshift4/ose-tests@sha256:c5c8160ff39c07250d62d8416fd3b5613eb696bf40cb505d9e118968d9c7cd1c_ppc64le |
| Red Hat | openshift4/ose-csi-external-attacher@sha256:1054b1191bcfe9483c3ea8df782c8a1c6679e06063484b87c234a522dfecf721_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-attacher@sha256:1054b1191bcfe9483c3ea8df782c8a1c6679e06063484b87c234a522dfecf721_s390x, openshift4/ose-csi-external-attacher@sha256:1054b1191bcfe9483c3ea8df782c8a1c6679e06063484b87c234a522dfecf721_s390x, openshift4/ose-csi-external-attacher@sha256:1054b1191bcfe9483c3ea8df782c8a1c6679e06063484b87c234a522dfecf721_s390x |
| Red Hat | openshift4/ose-must-gather@sha256:6787396d93b3b5c60d5abf4d9249a71b15f54e64b06f42ca72c60bc4682f1012_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-must-gather@sha256:6787396d93b3b5c60d5abf4d9249a71b15f54e64b06f42ca72c60bc4682f1012_ppc64le, *, openshift4/ose-must-gather@sha256:6787396d93b3b5c60d5abf4d9249a71b15f54e64b06f42ca72c60bc4682f1012_ppc64le |
| Red Hat | openshift4/ose-kube-state-metrics@sha256:7864a43714b561b19903704f3c51e2fea4abbec981fe4f18ad3b943212da54f5_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-kube-state-metrics@sha256:7864a43714b561b19903704f3c51e2fea4abbec981fe4f18ad3b943212da54f5_ppc64le, *, openshift4/ose-kube-state-metrics@sha256:7864a43714b561b19903704f3c51e2fea4abbec981fe4f18ad3b943212da54f5_ppc64le |
| Red Hat | openshift4/ose-machine-api-operator@sha256:06a3c5af86c5e5b7d63c01df9012d45732c8f3b00e8b74f248c5937b5ec49e11_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-api-operator@sha256:06a3c5af86c5e5b7d63c01df9012d45732c8f3b00e8b74f248c5937b5ec49e11_amd64, *, * |
| Red Hat | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:717dbecc8923f546ccd0ec69e01a088b3d4a0c6459121d4ac063f6d1d4c77b17_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:717dbecc8923f546ccd0ec69e01a088b3d4a0c6459121d4ac063f6d1d4c77b17_amd64, openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:717dbecc8923f546ccd0ec69e01a088b3d4a0c6459121d4ac063f6d1d4c77b17_amd64, openshift4/ose-csi-driver-shared-resource-operator-rhel8@sha256:717dbecc8923f546ccd0ec69e01a088b3d4a0c6459121d4ac063f6d1d4c77b17_amd64 |
| Red Hat | openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:7d75cfb2d06dd3cb069443e087f62f3b788655435cac1c9299936e481534dd0b_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:7d75cfb2d06dd3cb069443e087f62f3b788655435cac1c9299936e481534dd0b_ppc64le, *, openshift4/ose-gcp-cloud-controller-manager-rhel8@sha256:7d75cfb2d06dd3cb069443e087f62f3b788655435cac1c9299936e481534dd0b_ppc64le |
| Red Hat | openshift4/ose-cluster-baremetal-operator-rhel8@sha256:2fc0aa332ec89c78fd9f5f02883df3436a291641a60d8802a87dd1c5f3e13aef_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-cluster-baremetal-operator-rhel8@sha256:2fc0aa332ec89c78fd9f5f02883df3436a291641a60d8802a87dd1c5f3e13aef_amd64, openshift4/ose-cluster-baremetal-operator-rhel8@sha256:2fc0aa332ec89c78fd9f5f02883df3436a291641a60d8802a87dd1c5f3e13aef_amd64, * |
| Red Hat | openshift4/ose-csi-external-resizer-rhel8@sha256:53dce5a1851d635e0853205eef9180b04d1a4e8797d67c7378415ca454784779_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-resizer-rhel8@sha256:53dce5a1851d635e0853205eef9180b04d1a4e8797d67c7378415ca454784779_ppc64le, openshift4/ose-csi-external-resizer-rhel8@sha256:53dce5a1851d635e0853205eef9180b04d1a4e8797d67c7378415ca454784779_ppc64le, openshift4/ose-csi-external-resizer-rhel8@sha256:53dce5a1851d635e0853205eef9180b04d1a4e8797d67c7378415ca454784779_ppc64le |
| Red Hat | openshift4/ose-csi-driver-manila-rhel8@sha256:c1f6055eb9cd8ff5420cc54ef782565a434a3ac82b5274756de51a1620d09021_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-cluster-api-rhel8@sha256:44e2d638a9e1d2337e62699cef21d12ae141d2cdb343e64220e62c2febf763f3_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-cluster-api-rhel8@sha256:44e2d638a9e1d2337e62699cef21d12ae141d2cdb343e64220e62c2febf763f3_ppc64le |
| Red Hat | openshift4/ose-multus-admission-controller@sha256:ccf406c25a915bf1fbd143be16fb4d9908a676769a7d02158ae3b20c17508261_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, *, * |
| Red Hat | openshift4/ose-multus-cni@sha256:ffb90379ccc80838c0c3b5c06561b48ac4350e7248b31e76ef0988fcff0660ee_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-multus-cni@sha256:ffb90379ccc80838c0c3b5c06561b48ac4350e7248b31e76ef0988fcff0660ee_arm64, openshift4/ose-multus-cni@sha256:ffb90379ccc80838c0c3b5c06561b48ac4350e7248b31e76ef0988fcff0660ee_arm64, openshift4/ose-multus-cni@sha256:ffb90379ccc80838c0c3b5c06561b48ac4350e7248b31e76ef0988fcff0660ee_arm64 |
| Red Hat | openshift4/ose-telemeter@sha256:44a0f6d869f9d658b279cff8b751cfe5d8cc1e4c02f11ee75e1c734e847c3fd8_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-telemeter@sha256:44a0f6d869f9d658b279cff8b751cfe5d8cc1e4c02f11ee75e1c734e847c3fd8_arm64, *, * |
| Red Hat | openshift4/openshift-route-controller-manager-rhel8@sha256:6831fdb4d9c13b36b03c27b525ac902f60e0b38e3982492b4ce13b510406a4c4_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/openshift-route-controller-manager-rhel8@sha256:6831fdb4d9c13b36b03c27b525ac902f60e0b38e3982492b4ce13b510406a4c4_amd64, openshift4/openshift-route-controller-manager-rhel8@sha256:6831fdb4d9c13b36b03c27b525ac902f60e0b38e3982492b4ce13b510406a4c4_amd64, * |
| Red Hat | openshift4/ose-csi-external-provisioner@sha256:ea95c9ef65316b1b7cd47eced17f48ce47d3b2fcbf548ba1c4477cc367d6ed63_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-provisioner@sha256:ea95c9ef65316b1b7cd47eced17f48ce47d3b2fcbf548ba1c4477cc367d6ed63_amd64, openshift4/ose-csi-external-provisioner@sha256:ea95c9ef65316b1b7cd47eced17f48ce47d3b2fcbf548ba1c4477cc367d6ed63_amd64, * |
…and 1192 more
Timeline
- Feb 21, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:0833 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2245180 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258143 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258165 issue
- https://issues.redhat.com/browse/OCPBUGS-27776 advisory
- https://issues.redhat.com/browse/OCPBUGS-27962 advisory
- https://issues.redhat.com/browse/OCPBUGS-28229 advisory
- https://issues.redhat.com/browse/OCPBUGS-28954 advisory
- https://issues.redhat.com/browse/OCPBUGS-28959 advisory
- https://issues.redhat.com/browse/OCPBUGS-29066 advisory
- https://issues.redhat.com/browse/OCPBUGS-29229 advisory
- https://issues.redhat.com/browse/OCPBUGS-29278 advisory
- https://issues.redhat.com/browse/OCPBUGS-29302 advisory
- https://issues.redhat.com/browse/OCPBUGS-29348 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0833.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
…and 17 more