RHSA-2024:1052
A flaw was found in the handling of multiplexed streams in the HTTP/2 protocol. A client can repeatedly request a new multiplexed stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server, which must set up and tear down each stream, without ever hitting a server-side limit on the maximum number of active streams per connection. The result is a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' because the US Cybersecurity and Infrastructure Security Agency (CISA) has declared this vulnerability actively exploited. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-olm-rukpak-rhel8@sha256:01369348d4f61bb28c2d19b80c099a1199af35cd146ef7ba882825da00984aa6_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-olm-rukpak-rhel8@sha256:01369348d4f61bb28c2d19b80c099a1199af35cd146ef7ba882825da00984aa6_ppc64le, openshift4/ose-olm-rukpak-rhel8@sha256:01369348d4f61bb28c2d19b80c099a1199af35cd146ef7ba882825da00984aa6_ppc64le, openshift4/ose-olm-rukpak-rhel8@sha256:01369348d4f61bb28c2d19b80c099a1199af35cd146ef7ba882825da00984aa6_ppc64le |
| Red Hat | openshift4/ose-csi-snapshot-controller-rhel8@sha256:a9aa285e37922276048ec65da30f81544476f6e0aaa66669f39172ff16553906_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-snapshot-controller-rhel8@sha256:a9aa285e37922276048ec65da30f81544476f6e0aaa66669f39172ff16553906_arm64, *, openshift4/ose-csi-snapshot-controller-rhel8@sha256:a9aa285e37922276048ec65da30f81544476f6e0aaa66669f39172ff16553906_arm64 |
| Red Hat | openshift4/ose-csi-snapshot-controller-rhel8@sha256:f1bbdb10de40720da4f9726a1565bb33b04f3225ca9dd3d5ee2c981c4c8edb2e_s390x as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-csi-snapshot-controller-rhel8@sha256:f1bbdb10de40720da4f9726a1565bb33b04f3225ca9dd3d5ee2c981c4c8edb2e_s390x |
| Red Hat | openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:c61e5acc0e0e847e6a3f5166a532f06be5b3a6776f07c9a2089021c6b87e8d17_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:c61e5acc0e0e847e6a3f5166a532f06be5b3a6776f07c9a2089021c6b87e8d17_amd64, openshift4/ose-csi-snapshot-validation-webhook-rhel8@sha256:c61e5acc0e0e847e6a3f5166a532f06be5b3a6776f07c9a2089021c6b87e8d17_amd64 |
| Red Hat | openshift4/ose-olm-rukpak-rhel8@sha256:01369348d4f61bb28c2d19b80c099a1199af35cd146ef7ba882825da00984aa6_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-olm-rukpak-rhel8@sha256:01369348d4f61bb28c2d19b80c099a1199af35cd146ef7ba882825da00984aa6_ppc64le |
| Red Hat | openshift4/ose-csi-external-snapshotter@sha256:243cbc2b1f798af2cbac260104336f689a95aae08493a06ae17b386a0c5f957c_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-snapshotter@sha256:243cbc2b1f798af2cbac260104336f689a95aae08493a06ae17b386a0c5f957c_amd64, *, * |
| Red Hat | openshift4/ose-csi-external-snapshotter@sha256:189d3c8b6f04292607820446ed9bbda1d8adb99fbf01bf9297baeb63493d917e_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-snapshotter@sha256:189d3c8b6f04292607820446ed9bbda1d8adb99fbf01bf9297baeb63493d917e_arm64, openshift4/ose-csi-external-snapshotter@sha256:189d3c8b6f04292607820446ed9bbda1d8adb99fbf01bf9297baeb63493d917e_arm64, openshift4/ose-csi-external-snapshotter@sha256:189d3c8b6f04292607820446ed9bbda1d8adb99fbf01bf9297baeb63493d917e_arm64 |
| Red Hat | openshift4/network-tools-rhel8@sha256:04ce678eca9f2dce98ed89c931c58ed01defc49ec0bef2756b0a6260b290e9af_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/network-tools-rhel8@sha256:04ce678eca9f2dce98ed89c931c58ed01defc49ec0bef2756b0a6260b290e9af_amd64, *, * |
| Red Hat | openshift4/ose-installer-artifacts@sha256:960aa8e5c71e83f6d23e62da6caaf112b555d66d83e14bc0bd35c6f48fa21579_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-installer-artifacts@sha256:960aa8e5c71e83f6d23e62da6caaf112b555d66d83e14bc0bd35c6f48fa21579_s390x, openshift4/ose-installer-artifacts@sha256:960aa8e5c71e83f6d23e62da6caaf112b555d66d83e14bc0bd35c6f48fa21579_s390x, * |
| Red Hat | openshift4/ose-tests@sha256:81f4d8ffc98c258fc04a433c410faf3eef60acdc23108edca678879996df3209_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-tests@sha256:81f4d8ffc98c258fc04a433c410faf3eef60acdc23108edca678879996df3209_ppc64le |
| Red Hat | openshift4/ose-olm-rukpak-rhel8@sha256:86289d93043609b8f86022a34bf2c65394e71b18e9211ff5ea22e22cb2a9845f_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-olm-rukpak-rhel8@sha256:86289d93043609b8f86022a34bf2c65394e71b18e9211ff5ea22e22cb2a9845f_s390x, *, openshift4/ose-olm-rukpak-rhel8@sha256:86289d93043609b8f86022a34bf2c65394e71b18e9211ff5ea22e22cb2a9845f_s390x |
| Red Hat | openshift4/ose-csi-external-snapshotter-rhel8@sha256:e3f7e2a427acce5bc3ea21342a8840c9b608a9e30cb4fc0556904de787b76332_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-snapshotter-rhel8@sha256:e3f7e2a427acce5bc3ea21342a8840c9b608a9e30cb4fc0556904de787b76332_ppc64le, openshift4/ose-csi-external-snapshotter-rhel8@sha256:e3f7e2a427acce5bc3ea21342a8840c9b608a9e30cb4fc0556904de787b76332_ppc64le, openshift4/ose-csi-external-snapshotter-rhel8@sha256:e3f7e2a427acce5bc3ea21342a8840c9b608a9e30cb4fc0556904de787b76332_ppc64le |
| Red Hat | openshift4/ose-baremetal-installer-rhel8@sha256:7b8fc31cd3a991ef09f18830722beabc341c80019e8b8bfb841ccf854dc12acd_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-baremetal-installer-rhel8@sha256:7b8fc31cd3a991ef09f18830722beabc341c80019e8b8bfb841ccf854dc12acd_amd64, openshift4/ose-baremetal-installer-rhel8@sha256:7b8fc31cd3a991ef09f18830722beabc341c80019e8b8bfb841ccf854dc12acd_amd64, openshift4/ose-baremetal-installer-rhel8@sha256:7b8fc31cd3a991ef09f18830722beabc341c80019e8b8bfb841ccf854dc12acd_amd64 |
| Red Hat | rhcos@sha256:463ff8348302ea56c93da35bec2f50136ed9ade1cc00956b8f586744d3838e3d_s390x as a component of Red Hat OpenShift Container Platform 4.12 | rhcos@sha256:463ff8348302ea56c93da35bec2f50136ed9ade1cc00956b8f586744d3838e3d_s390x, *, * |
| Red Hat | openshift4/driver-toolkit-rhel8@sha256:ce5fb7e5f8a80271acff183becd97627d79507713594306cb1a29bff22cf24c0_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/driver-toolkit-rhel8@sha256:ce5fb7e5f8a80271acff183becd97627d79507713594306cb1a29bff22cf24c0_s390x, *, * |
| Red Hat | openshift4/ose-ironic-rhel9@sha256:d3a9c332f504054aec0729944ccccf45d33983cf20ec8249a5af949c944f38b7_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-ironic-rhel9@sha256:d3a9c332f504054aec0729944ccccf45d33983cf20ec8249a5af949c944f38b7_arm64 |
| Red Hat | openshift4/driver-toolkit-rhel8@sha256:c9247a566b200f0da3a6299d595b737a6796117dfd7937924f907376ac09293b_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/driver-toolkit-rhel8@sha256:c9247a566b200f0da3a6299d595b737a6796117dfd7937924f907376ac09293b_ppc64le, openshift4/driver-toolkit-rhel8@sha256:c9247a566b200f0da3a6299d595b737a6796117dfd7937924f907376ac09293b_ppc64le, openshift4/driver-toolkit-rhel8@sha256:c9247a566b200f0da3a6299d595b737a6796117dfd7937924f907376ac09293b_ppc64le |
| Red Hat | openshift4/ose-machine-os-images-rhel8@sha256:20e0b77fc0335ad495b3cdb2359392442844b2017ccdaa95b8edddf9b319e87c_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-machine-os-images-rhel8@sha256:20e0b77fc0335ad495b3cdb2359392442844b2017ccdaa95b8edddf9b319e87c_amd64, openshift4/ose-machine-os-images-rhel8@sha256:20e0b77fc0335ad495b3cdb2359392442844b2017ccdaa95b8edddf9b319e87c_amd64, openshift4/ose-machine-os-images-rhel8@sha256:20e0b77fc0335ad495b3cdb2359392442844b2017ccdaa95b8edddf9b319e87c_amd64 |
| Red Hat | openshift4/ose-csi-external-snapshotter-rhel8@sha256:066407a4c7015fe82c2efd69c8c2ea49e427db0fc7f7caacd671a8670e5cce3e_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-csi-external-snapshotter-rhel8@sha256:066407a4c7015fe82c2efd69c8c2ea49e427db0fc7f7caacd671a8670e5cce3e_s390x, openshift4/ose-csi-external-snapshotter-rhel8@sha256:066407a4c7015fe82c2efd69c8c2ea49e427db0fc7f7caacd671a8670e5cce3e_s390x, * |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:d76ab3b561df3672a748deef61efe621d17631a01e523a5328d73693d4923fb2_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | *, *, openshift4/ose-insights-rhel8-operator@sha256:d76ab3b561df3672a748deef61efe621d17631a01e523a5328d73693d4923fb2_amd64 |
…and 168 more
Exploit Intelligence
- Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc-repo)
- Plan v3 US-6: coredns-style fork fixture for Scanner E2E (CVE-2023-39325) (github-poc)
- .trivyignore.yaml (github-poc)
- .trivyignore.yml (github-poc)
- scan.openvex.json (github-poc)
Timeline
- Mar 6, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1052 advisory
- https://access.redhat.com/security/updates/classification/#critical advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258143 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2258165 issue
- https://issues.redhat.com/browse/OCPBUGS-22928 advisory
- https://issues.redhat.com/browse/OCPBUGS-24524 advisory
- https://issues.redhat.com/browse/OCPBUGS-29167 advisory
- https://issues.redhat.com/browse/OCPBUGS-29232 advisory
- https://issues.redhat.com/browse/OCPBUGS-29244 advisory
- https://issues.redhat.com/browse/OCPBUGS-29366 advisory
- https://issues.redhat.com/browse/OCPBUGS-29746 advisory
- https://issues.redhat.com/browse/OCPBUGS-29767 advisory
- https://issues.redhat.com/browse/OCPBUGS-29769 advisory
- https://issues.redhat.com/browse/OCPBUGS-29884 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1052.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
…and 12 more