RHSA-2024%3A0946
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-ovn-kubernetes-rhel9@sha256:2f00f3163b4e8a3caa395b8c8229b7c932bac6ae4096dacefb311eb94c055500_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-ovn-kubernetes-rhel9@sha256:2f00f3163b4e8a3caa395b8c8229b7c932bac6ae4096dacefb311eb94c055500_ppc64le, openshift4/ose-ovn-kubernetes-rhel9@sha256:2f00f3163b4e8a3caa395b8c8229b7c932bac6ae4096dacefb311eb94c055500_ppc64le |
| Red Hat | openshift4/ose-oauth-apiserver-rhel8@sha256:caadd60c1feb3128b9574e2a675499972cfae9b9ebaeaedf418e42427ef7917b_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-oauth-apiserver-rhel8@sha256:caadd60c1feb3128b9574e2a675499972cfae9b9ebaeaedf418e42427ef7917b_arm64, * |
| Red Hat | openshift4/network-tools-rhel8@sha256:df5449cc95045714f30676f6f494faea949695d62d1dcd905717d4b3d3f4ae89_s390x as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/network-tools-rhel8@sha256:df5449cc95045714f30676f6f494faea949695d62d1dcd905717d4b3d3f4ae89_s390x |
| Red Hat | openshift4/ose-tests@sha256:92f6f5cf150652e433a694c346e59a7dae20fd243c0fa4fd6249b17e80d2a977_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-tests@sha256:92f6f5cf150652e433a694c346e59a7dae20fd243c0fa4fd6249b17e80d2a977_arm64, openshift4/ose-tests@sha256:92f6f5cf150652e433a694c346e59a7dae20fd243c0fa4fd6249b17e80d2a977_arm64, * |
| Red Hat | openshift4/network-tools-rhel8@sha256:368c0aa692c128f812c78cca2bde03555ce6dd3ee4fecff625346e027770f714_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/network-tools-rhel8@sha256:368c0aa692c128f812c78cca2bde03555ce6dd3ee4fecff625346e027770f714_arm64, openshift4/network-tools-rhel8@sha256:368c0aa692c128f812c78cca2bde03555ce6dd3ee4fecff625346e027770f714_arm64 |
| Red Hat | openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:657ababb7e793e1ed9ba7e13908f2c345f56e25998e0f2c55e4b0255b3a8addb_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:657ababb7e793e1ed9ba7e13908f2c345f56e25998e0f2c55e4b0255b3a8addb_s390x, openshift4/ose-ovn-kubernetes-microshift-rhel9@sha256:657ababb7e793e1ed9ba7e13908f2c345f56e25998e0f2c55e4b0255b3a8addb_s390x, * |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:f4e9f5f638ceb2b8c6b338c2a29ac4051f31aeca2c0e1ad9c50b37da99e8ff3e_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-insights-rhel8-operator@sha256:f4e9f5f638ceb2b8c6b338c2a29ac4051f31aeca2c0e1ad9c50b37da99e8ff3e_ppc64le, openshift4/ose-insights-rhel8-operator@sha256:f4e9f5f638ceb2b8c6b338c2a29ac4051f31aeca2c0e1ad9c50b37da99e8ff3e_ppc64le, * |
| Red Hat | openshift4/ose-installer@sha256:69f483f940db39b61d77b52ad0a31cb046cc55cc010868eb013a62e4b5e53732_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-installer@sha256:69f483f940db39b61d77b52ad0a31cb046cc55cc010868eb013a62e4b5e53732_arm64, openshift4/ose-installer@sha256:69f483f940db39b61d77b52ad0a31cb046cc55cc010868eb013a62e4b5e53732_arm64 |
| Red Hat | openshift4/ose-ironic-rhel9@sha256:bfcba4edcb97b835780f94564ef0c51e7dd4ff0b13cc8451f5d808d42683555f_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-ironic-rhel9@sha256:bfcba4edcb97b835780f94564ef0c51e7dd4ff0b13cc8451f5d808d42683555f_amd64, openshift4/ose-ironic-rhel9@sha256:bfcba4edcb97b835780f94564ef0c51e7dd4ff0b13cc8451f5d808d42683555f_amd64, openshift4/ose-ironic-rhel9@sha256:bfcba4edcb97b835780f94564ef0c51e7dd4ff0b13cc8451f5d808d42683555f_amd64 |
| Red Hat | rhcos@sha256:d224b14c829b29933998bbe2c58a48e0bd8eca1f9512d86f104dc5a933e274f4_x86_64 as a component of Red Hat OpenShift Container Platform 4.13 | rhcos@sha256:d224b14c829b29933998bbe2c58a48e0bd8eca1f9512d86f104dc5a933e274f4_x86_64, *, rhcos@sha256:d224b14c829b29933998bbe2c58a48e0bd8eca1f9512d86f104dc5a933e274f4_x86_64 |
| Red Hat | openshift4/ose-console@sha256:197ce5bee3cb4e020fd507d052fb3d137571054e91590ba5aef92c6f503b0b83_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-console@sha256:197ce5bee3cb4e020fd507d052fb3d137571054e91590ba5aef92c6f503b0b83_arm64, openshift4/ose-console@sha256:197ce5bee3cb4e020fd507d052fb3d137571054e91590ba5aef92c6f503b0b83_arm64 |
| Red Hat | openshift4/ose-tools-rhel8@sha256:8690593eb56c8f3211cccafc87fa96fd9224d1b0e655d3ddd74ff7fb070ce075_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-tools-rhel8@sha256:8690593eb56c8f3211cccafc87fa96fd9224d1b0e655d3ddd74ff7fb070ce075_ppc64le, *, openshift4/ose-tools-rhel8@sha256:8690593eb56c8f3211cccafc87fa96fd9224d1b0e655d3ddd74ff7fb070ce075_ppc64le |
| Red Hat | openshift4/ose-ovn-kubernetes@sha256:e1e10c640e08bc34e8deb5da5ad5d097dd807b006bed2d7db1a84d650b3d7f51_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-ovn-kubernetes@sha256:e1e10c640e08bc34e8deb5da5ad5d097dd807b006bed2d7db1a84d650b3d7f51_arm64 |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:89c19b45730a9bfc0ea1a81a3fbcc71010098b625942a662064b33b3bd281aba_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, *, openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:89c19b45730a9bfc0ea1a81a3fbcc71010098b625942a662064b33b3bd281aba_arm64 |
| Red Hat | openshift4/ose-installer-artifacts@sha256:d96e18cefcc99e3b58eda81bcda46321dd5746d57a97bf3c7a5f7eeebe42428b_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-installer-artifacts@sha256:d96e18cefcc99e3b58eda81bcda46321dd5746d57a97bf3c7a5f7eeebe42428b_arm64, *, openshift4/ose-installer-artifacts@sha256:d96e18cefcc99e3b58eda81bcda46321dd5746d57a97bf3c7a5f7eeebe42428b_arm64 |
| Red Hat | openshift4/ose-installer-artifacts@sha256:0acf8988b7f4d03937774452536580b93a08918622344f5009e8adfda231d19f_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-installer-artifacts@sha256:0acf8988b7f4d03937774452536580b93a08918622344f5009e8adfda231d19f_s390x, *, openshift4/ose-installer-artifacts@sha256:0acf8988b7f4d03937774452536580b93a08918622344f5009e8adfda231d19f_s390x |
| Red Hat | openshift4/ose-installer@sha256:69f483f940db39b61d77b52ad0a31cb046cc55cc010868eb013a62e4b5e53732_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-installer@sha256:69f483f940db39b61d77b52ad0a31cb046cc55cc010868eb013a62e4b5e53732_arm64, *, openshift4/ose-installer@sha256:69f483f940db39b61d77b52ad0a31cb046cc55cc010868eb013a62e4b5e53732_arm64 |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:89c19b45730a9bfc0ea1a81a3fbcc71010098b625942a662064b33b3bd281aba_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | *, openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:89c19b45730a9bfc0ea1a81a3fbcc71010098b625942a662064b33b3bd281aba_arm64, openshift4/ose-ironic-machine-os-downloader-rhel9@sha256:89c19b45730a9bfc0ea1a81a3fbcc71010098b625942a662064b33b3bd281aba_arm64 |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:f4e9f5f638ceb2b8c6b338c2a29ac4051f31aeca2c0e1ad9c50b37da99e8ff3e_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-insights-rhel8-operator@sha256:f4e9f5f638ceb2b8c6b338c2a29ac4051f31aeca2c0e1ad9c50b37da99e8ff3e_ppc64le, *, openshift4/ose-insights-rhel8-operator@sha256:f4e9f5f638ceb2b8c6b338c2a29ac4051f31aeca2c0e1ad9c50b37da99e8ff3e_ppc64le |
| Red Hat | openshift4/ose-tests@sha256:1bdbceb12d14a38ae1370b4e82e9a89663b74df2ea8c95ccc6a1d722175defc9_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-tests@sha256:1bdbceb12d14a38ae1370b4e82e9a89663b74df2ea8c95ccc6a1d722175defc9_s390x, openshift4/ose-tests@sha256:1bdbceb12d14a38ae1370b4e82e9a89663b74df2ea8c95ccc6a1d722175defc9_s390x, openshift4/ose-tests@sha256:1bdbceb12d14a38ae1370b4e82e9a89663b74df2ea8c95ccc6a1d722175defc9_s390x |
…and 106 more
Timeline
- Feb 28, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:0946 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-28654 advisory
- https://issues.redhat.com/browse/OCPBUGS-29597 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_0946.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory