RHSA-2024%3A10142
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-cluster-monitoring-rhel9-operator@sha256:8917acb79481bbce47f59d43509dc70f00ca2985c39e30d36d7ef9412ce35e07_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-monitoring-rhel9-operator@sha256:8917acb79481bbce47f59d43509dc70f00ca2985c39e30d36d7ef9412ce35e07_amd64, *, * |
| Red Hat | openshift4/ose-installer-artifacts@sha256:beab1703c711cf4bb6b5785931c419e9b506e2e57fe7b4a94e02c8b8f47c7c1b_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-installer-artifacts@sha256:beab1703c711cf4bb6b5785931c419e9b506e2e57fe7b4a94e02c8b8f47c7c1b_arm64, openshift4/ose-installer-artifacts@sha256:beab1703c711cf4bb6b5785931c419e9b506e2e57fe7b4a94e02c8b8f47c7c1b_arm64, openshift4/ose-installer-artifacts@sha256:beab1703c711cf4bb6b5785931c419e9b506e2e57fe7b4a94e02c8b8f47c7c1b_arm64 |
| Red Hat | openshift4/openshift-route-controller-manager-rhel8@sha256:af209a91467f0825294e767594c1328a4561af0b982cbc4649efb8a7926d898e_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/openshift-route-controller-manager-rhel8@sha256:af209a91467f0825294e767594c1328a4561af0b982cbc4649efb8a7926d898e_s390x, openshift4/openshift-route-controller-manager-rhel8@sha256:af209a91467f0825294e767594c1328a4561af0b982cbc4649efb8a7926d898e_s390x |
| Red Hat | openshift4/ose-aws-cloud-controller-manager-rhel9@sha256:426748976eb6b92144fa51328f6b312b57a7a4f183fcf9c6a7ba52d379e8f072_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-aws-cloud-controller-manager-rhel9@sha256:426748976eb6b92144fa51328f6b312b57a7a4f183fcf9c6a7ba52d379e8f072_arm64, *, openshift4/ose-aws-cloud-controller-manager-rhel9@sha256:426748976eb6b92144fa51328f6b312b57a7a4f183fcf9c6a7ba52d379e8f072_arm64 |
| Red Hat | openshift4/ose-vmware-vsphere-csi-driver-rhel9@sha256:95ff8695c7ef63635eaa0d77767d78c4617da4ab6b7b508fdea184d1cb204dc1_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-vmware-vsphere-csi-driver-rhel9@sha256:95ff8695c7ef63635eaa0d77767d78c4617da4ab6b7b508fdea184d1cb204dc1_amd64, openshift4/ose-vmware-vsphere-csi-driver-rhel9@sha256:95ff8695c7ef63635eaa0d77767d78c4617da4ab6b7b508fdea184d1cb204dc1_amd64 |
| Red Hat | openshift4/ose-docker-builder@sha256:aab0693b71b85f69545b8890aad8d9921c9f36740cfff52744e58a9602d40d17_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-docker-builder@sha256:aab0693b71b85f69545b8890aad8d9921c9f36740cfff52744e58a9602d40d17_amd64, openshift4/ose-docker-builder@sha256:aab0693b71b85f69545b8890aad8d9921c9f36740cfff52744e58a9602d40d17_amd64, openshift4/ose-docker-builder@sha256:aab0693b71b85f69545b8890aad8d9921c9f36740cfff52744e58a9602d40d17_amd64 |
| Red Hat | openshift4/ose-pod-rhel9@sha256:cbaa2b403c6a225a57298b26019a82efcf29e36dd20f909c35fd57cee88f25ff_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-pod-rhel9@sha256:cbaa2b403c6a225a57298b26019a82efcf29e36dd20f909c35fd57cee88f25ff_amd64, openshift4/ose-pod-rhel9@sha256:cbaa2b403c6a225a57298b26019a82efcf29e36dd20f909c35fd57cee88f25ff_amd64 |
| Red Hat | openshift4/ose-agent-installer-api-server-rhel8@sha256:49cf67199249ae178129155e65dce5b3836df96371b54bac529966195049a7c4_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-agent-installer-api-server-rhel8@sha256:49cf67199249ae178129155e65dce5b3836df96371b54bac529966195049a7c4_arm64, *, openshift4/ose-agent-installer-api-server-rhel8@sha256:49cf67199249ae178129155e65dce5b3836df96371b54bac529966195049a7c4_arm64 |
| Red Hat | openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:fba90aa4287c75f5a8913e2d7715da3a090d101d6d7287179eb990077fa87920_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:fba90aa4287c75f5a8913e2d7715da3a090d101d6d7287179eb990077fa87920_arm64, openshift4/ose-cluster-kube-cluster-api-rhel9-operator@sha256:fba90aa4287c75f5a8913e2d7715da3a090d101d6d7287179eb990077fa87920_arm64 |
| Red Hat | openshift4/ose-agent-installer-orchestrator-rhel8@sha256:33af717bedbe11b99465eb8979df23924fc62216b82be9e96076cc8e2ee8b3c2_ppc64le as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-agent-installer-orchestrator-rhel8@sha256:33af717bedbe11b99465eb8979df23924fc62216b82be9e96076cc8e2ee8b3c2_ppc64le, *, openshift4/ose-agent-installer-orchestrator-rhel8@sha256:33af717bedbe11b99465eb8979df23924fc62216b82be9e96076cc8e2ee8b3c2_ppc64le |
| Red Hat | openshift4/ose-configmap-reloader-rhel9@sha256:a3dabe761873204b3c1e72a09744476ee6cb30d48e76019dce3277e4101dfe02_s390x as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-configmap-reloader-rhel9@sha256:a3dabe761873204b3c1e72a09744476ee6cb30d48e76019dce3277e4101dfe02_s390x, openshift4/ose-configmap-reloader-rhel9@sha256:a3dabe761873204b3c1e72a09744476ee6cb30d48e76019dce3277e4101dfe02_s390x |
| Red Hat | openshift4/ose-cluster-openshift-apiserver-rhel9-operator@sha256:c8618bf09b7340b5815b01d5bb0030b54025ee36f2ddb8d6ca75631b2afc1546_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-cluster-openshift-apiserver-rhel9-operator@sha256:c8618bf09b7340b5815b01d5bb0030b54025ee36f2ddb8d6ca75631b2afc1546_amd64, openshift4/ose-cluster-openshift-apiserver-rhel9-operator@sha256:c8618bf09b7340b5815b01d5bb0030b54025ee36f2ddb8d6ca75631b2afc1546_amd64, openshift4/ose-cluster-openshift-apiserver-rhel9-operator@sha256:c8618bf09b7340b5815b01d5bb0030b54025ee36f2ddb8d6ca75631b2afc1546_amd64 |
| Red Hat | openshift4/ose-agent-installer-csr-approver-rhel8@sha256:29383d4e1b6ccfa24710758257e2215357c3a41d061320b387f9be9e13a60f6d_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-agent-installer-csr-approver-rhel8@sha256:29383d4e1b6ccfa24710758257e2215357c3a41d061320b387f9be9e13a60f6d_amd64, openshift4/ose-agent-installer-csr-approver-rhel8@sha256:29383d4e1b6ccfa24710758257e2215357c3a41d061320b387f9be9e13a60f6d_amd64, openshift4/ose-agent-installer-csr-approver-rhel8@sha256:29383d4e1b6ccfa24710758257e2215357c3a41d061320b387f9be9e13a60f6d_amd64 |
| Red Hat | openshift4/ose-machine-api-provider-aws-rhel9@sha256:b9a52114c21dee41ca6af803d7953747a5ff71a5f74e40ce01b86f2739cfc239_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-machine-api-provider-aws-rhel9@sha256:b9a52114c21dee41ca6af803d7953747a5ff71a5f74e40ce01b86f2739cfc239_arm64, *, openshift4/ose-machine-api-provider-aws-rhel9@sha256:b9a52114c21dee41ca6af803d7953747a5ff71a5f74e40ce01b86f2739cfc239_arm64 |
| Red Hat | openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:4d835243fe806e20f591aa79557bdd9de3b8edc8f5854c2f566f357f9593c212_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:4d835243fe806e20f591aa79557bdd9de3b8edc8f5854c2f566f357f9593c212_amd64, openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:4d835243fe806e20f591aa79557bdd9de3b8edc8f5854c2f566f357f9593c212_amd64, openshift4/ose-ibm-vpc-block-csi-driver-operator-rhel8@sha256:4d835243fe806e20f591aa79557bdd9de3b8edc8f5854c2f566f357f9593c212_amd64 |
| Red Hat | openshift4/ovirt-csi-driver-rhel9@sha256:6dbd4fe5939311867370c949666748d35df9938f558f8c8c1236c0e31ee9ebdd_s390x as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ovirt-csi-driver-rhel9@sha256:6dbd4fe5939311867370c949666748d35df9938f558f8c8c1236c0e31ee9ebdd_s390x, *, * |
| Red Hat | openshift4/ose-apiserver-network-proxy-rhel9@sha256:116edb2f71b16775997f9224ddc946d2c3d223ba26c364290e7bac90cd5ac0b0_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-apiserver-network-proxy-rhel9@sha256:116edb2f71b16775997f9224ddc946d2c3d223ba26c364290e7bac90cd5ac0b0_amd64, *, openshift4/ose-apiserver-network-proxy-rhel9@sha256:116edb2f71b16775997f9224ddc946d2c3d223ba26c364290e7bac90cd5ac0b0_amd64 |
| Red Hat | openshift4/ose-baremetal-machine-controllers-rhel9@sha256:7cbbbaf244a342cadd5c3051f10a7b8282ac3959664170858f8653b5796534bb_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-baremetal-machine-controllers-rhel9@sha256:7cbbbaf244a342cadd5c3051f10a7b8282ac3959664170858f8653b5796534bb_arm64, openshift4/ose-baremetal-machine-controllers-rhel9@sha256:7cbbbaf244a342cadd5c3051f10a7b8282ac3959664170858f8653b5796534bb_arm64, openshift4/ose-baremetal-machine-controllers-rhel9@sha256:7cbbbaf244a342cadd5c3051f10a7b8282ac3959664170858f8653b5796534bb_arm64 |
| Red Hat | openshift4/ose-multus-route-override-cni-rhel8@sha256:8c50c79006179f87e37817b4010ab3959f924bc0af83f8f674e559f92c12ec7b_amd64 as a component of Red Hat OpenShift Container Platform 4.15 | openshift4/ose-multus-route-override-cni-rhel8@sha256:8c50c79006179f87e37817b4010ab3959f924bc0af83f8f674e559f92c12ec7b_amd64, *, * |
| Red Hat | openshift4/ose-csi-external-provisioner@sha256:bd1bfdacef74663ff4b484ab979e27478659c64d12e7b60b0618192e6b10ecaa_arm64 as a component of Red Hat OpenShift Container Platform 4.15 | *, openshift4/ose-csi-external-provisioner@sha256:bd1bfdacef74663ff4b484ab979e27478659c64d12e7b60b0618192e6b10ecaa_arm64, openshift4/ose-csi-external-provisioner@sha256:bd1bfdacef74663ff4b484ab979e27478659c64d12e7b60b0618192e6b10ecaa_arm64 |
…and 1280 more
Timeline
- Nov 26, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:10142 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-42137 advisory
- https://issues.redhat.com/browse/OCPBUGS-42355 advisory
- https://issues.redhat.com/browse/OCPBUGS-43414 advisory
- https://issues.redhat.com/browse/OCPBUGS-43760 advisory
- https://issues.redhat.com/browse/OCPBUGS-44006 advisory
- https://issues.redhat.com/browse/OCPBUGS-44106 advisory
- https://issues.redhat.com/browse/OCPBUGS-44212 advisory
- https://issues.redhat.com/browse/OCPBUGS-44240 advisory
- https://issues.redhat.com/browse/OCPBUGS-44275 advisory
- https://issues.redhat.com/browse/OCPBUGS-44283 advisory
- https://issues.redhat.com/browse/OCPBUGS-44294 advisory
- https://issues.redhat.com/browse/OCPBUGS-44317 advisory
- https://issues.redhat.com/browse/OCPBUGS-44328 advisory
- https://issues.redhat.com/browse/OCPBUGS-44378 advisory
- https://issues.redhat.com/browse/OCPBUGS-44705 advisory
- https://issues.redhat.com/browse/OCPBUGS-44729 advisory
…and 8 more