RHSA-2024%3A1464
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-machine-api-operator@sha256:102c0183f9d530916b58b47513c0ec352eb6a2fad68782d12eec5e30a3869dfb_s390x as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-machine-api-operator@sha256:102c0183f9d530916b58b47513c0ec352eb6a2fad68782d12eec5e30a3869dfb_s390x, openshift4/ose-machine-api-operator@sha256:102c0183f9d530916b58b47513c0ec352eb6a2fad68782d12eec5e30a3869dfb_s390x |
| Red Hat | openshift4/ose-docker-builder@sha256:eacf56e154f289d224d32df1e43b351d37e2996ce8ca1c685668b97eb0424d60_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-docker-builder@sha256:eacf56e154f289d224d32df1e43b351d37e2996ce8ca1c685668b97eb0424d60_amd64, openshift4/ose-docker-builder@sha256:eacf56e154f289d224d32df1e43b351d37e2996ce8ca1c685668b97eb0424d60_amd64, * |
| Red Hat | openshift4/ose-insights-rhel8-operator@sha256:3da4482de499e9b4e54bd4f5ad4c13e043e232319bae2950f64d32b86c787946_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, openshift4/ose-insights-rhel8-operator@sha256:3da4482de499e9b4e54bd4f5ad4c13e043e232319bae2950f64d32b86c787946_amd64 |
| Red Hat | openshift4/ose-cluster-authentication-operator@sha256:e1bffd0d1eccf7b2aaa4a6ed98fe12ab7e5ba0523cfb56d7ae40801104517eda_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, openshift4/ose-cluster-authentication-operator@sha256:e1bffd0d1eccf7b2aaa4a6ed98fe12ab7e5ba0523cfb56d7ae40801104517eda_amd64 |
| Red Hat | openshift4/ose-powervs-machine-controllers-rhel8@sha256:63798f7c9356ec19b7756c1651b20b4da91ac9006f95cda5828dccbd6dee9f04_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-powervs-machine-controllers-rhel8@sha256:63798f7c9356ec19b7756c1651b20b4da91ac9006f95cda5828dccbd6dee9f04_amd64, openshift4/ose-powervs-machine-controllers-rhel8@sha256:63798f7c9356ec19b7756c1651b20b4da91ac9006f95cda5828dccbd6dee9f04_amd64, * |
| Red Hat | openshift4/ose-csi-external-snapshotter-rhel8@sha256:36349ba5053ee05251cd0c854bbf939ce2c9802f5438f9a26e749c46f64a67a4_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-csi-external-snapshotter-rhel8@sha256:36349ba5053ee05251cd0c854bbf939ce2c9802f5438f9a26e749c46f64a67a4_ppc64le, openshift4/ose-csi-external-snapshotter-rhel8@sha256:36349ba5053ee05251cd0c854bbf939ce2c9802f5438f9a26e749c46f64a67a4_ppc64le |
| Red Hat | openshift4/ose-kube-state-metrics@sha256:35c0408a699116a2d1cfe42c41ff96c3eb0caa0f231ecab7b68f9290ed5feff5_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, openshift4/ose-kube-state-metrics@sha256:35c0408a699116a2d1cfe42c41ff96c3eb0caa0f231ecab7b68f9290ed5feff5_amd64 |
| Red Hat | openshift4/ose-cli-artifacts@sha256:82a2bac7c4b9a6602e80756abdc9753d7d1320b0b01ff3227b0ad502d28ef26d_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-cli-artifacts@sha256:82a2bac7c4b9a6602e80756abdc9753d7d1320b0b01ff3227b0ad502d28ef26d_ppc64le, openshift4/ose-cli-artifacts@sha256:82a2bac7c4b9a6602e80756abdc9753d7d1320b0b01ff3227b0ad502d28ef26d_ppc64le, openshift4/ose-cli-artifacts@sha256:82a2bac7c4b9a6602e80756abdc9753d7d1320b0b01ff3227b0ad502d28ef26d_ppc64le |
| Red Hat | openshift4/ose-tests@sha256:ea37f73e1c51f86661175e46b01bbf1422505274952fba292e59b41c89f9397c_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-tests@sha256:ea37f73e1c51f86661175e46b01bbf1422505274952fba292e59b41c89f9397c_amd64, *, openshift4/ose-tests@sha256:ea37f73e1c51f86661175e46b01bbf1422505274952fba292e59b41c89f9397c_amd64 |
| Red Hat | openshift4/ose-must-gather@sha256:74e1797541321bf4e2855d7350265b08526f1fbdf73d583c4a61b571daec0892_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | *, *, openshift4/ose-must-gather@sha256:74e1797541321bf4e2855d7350265b08526f1fbdf73d583c4a61b571daec0892_amd64 |
| Red Hat | openshift4/ose-cluster-machine-approver@sha256:f579ce47d628091e01b40836802cd59219d0355cb0f7b8d4d32444341a040747_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-cluster-machine-approver@sha256:f579ce47d628091e01b40836802cd59219d0355cb0f7b8d4d32444341a040747_ppc64le, *, openshift4/ose-cluster-machine-approver@sha256:f579ce47d628091e01b40836802cd59219d0355cb0f7b8d4d32444341a040747_ppc64le |
| Red Hat | openshift4/ose-openshift-apiserver-rhel8@sha256:e45117e4c6efad0ba975a9031966ce96f5b7e37d988ab294b26783d955d285ac_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-openshift-apiserver-rhel8@sha256:e45117e4c6efad0ba975a9031966ce96f5b7e37d988ab294b26783d955d285ac_ppc64le, openshift4/ose-openshift-apiserver-rhel8@sha256:e45117e4c6efad0ba975a9031966ce96f5b7e37d988ab294b26783d955d285ac_ppc64le, openshift4/ose-openshift-apiserver-rhel8@sha256:e45117e4c6efad0ba975a9031966ce96f5b7e37d988ab294b26783d955d285ac_ppc64le |
| Red Hat | openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:b61f6f8b92800a3a3a2ee1763daa542915dc03f6ddea02c36c1b8b4cc6417d3a_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:b61f6f8b92800a3a3a2ee1763daa542915dc03f6ddea02c36c1b8b4cc6417d3a_arm64, openshift4/ose-ironic-machine-os-downloader-rhel8@sha256:b61f6f8b92800a3a3a2ee1763daa542915dc03f6ddea02c36c1b8b4cc6417d3a_arm64 |
| Red Hat | openshift4/driver-toolkit-rhel8@sha256:ddecc0d2f89e7b3c34f8fc8e197d13acd08fb718678812c097faeb48c100a04f_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/driver-toolkit-rhel8@sha256:ddecc0d2f89e7b3c34f8fc8e197d13acd08fb718678812c097faeb48c100a04f_ppc64le, *, openshift4/driver-toolkit-rhel8@sha256:ddecc0d2f89e7b3c34f8fc8e197d13acd08fb718678812c097faeb48c100a04f_ppc64le |
| Red Hat | openshift4/ose-cluster-capi-operator-container-rhel8@sha256:c33339844f29e94752a81fbf09a4cf4890ffc37c67dea42ea9f2779b5c83978b_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-cluster-capi-operator-container-rhel8@sha256:c33339844f29e94752a81fbf09a4cf4890ffc37c67dea42ea9f2779b5c83978b_arm64, openshift4/ose-cluster-capi-operator-container-rhel8@sha256:c33339844f29e94752a81fbf09a4cf4890ffc37c67dea42ea9f2779b5c83978b_arm64, * |
| Red Hat | openshift4/ose-etcd@sha256:45d8026a8c68864715e869626bbbda51bc9babac72ea96c966c7e512847603b9_amd64 as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-etcd@sha256:45d8026a8c68864715e869626bbbda51bc9babac72ea96c966c7e512847603b9_amd64, openshift4/ose-etcd@sha256:45d8026a8c68864715e869626bbbda51bc9babac72ea96c966c7e512847603b9_amd64, openshift4/ose-etcd@sha256:45d8026a8c68864715e869626bbbda51bc9babac72ea96c966c7e512847603b9_amd64 |
| Red Hat | openshift4/ose-cluster-kube-controller-manager-operator@sha256:d4dcbbd7ad5969d4f78075050b12274a9dd67307c793e71ef2488bbc86c7c323_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-cluster-kube-controller-manager-operator@sha256:d4dcbbd7ad5969d4f78075050b12274a9dd67307c793e71ef2488bbc86c7c323_ppc64le, openshift4/ose-cluster-kube-controller-manager-operator@sha256:d4dcbbd7ad5969d4f78075050b12274a9dd67307c793e71ef2488bbc86c7c323_ppc64le, openshift4/ose-cluster-kube-controller-manager-operator@sha256:d4dcbbd7ad5969d4f78075050b12274a9dd67307c793e71ef2488bbc86c7c323_ppc64le |
| Red Hat | openshift4/ose-cluster-ingress-operator@sha256:70e977e912db42318a75bae5decc56a830ae8cf1928f27e6a8007318c72a2c56_ppc64le as a component of Red Hat OpenShift Container Platform 4.11 | openshift4/ose-cluster-ingress-operator@sha256:70e977e912db42318a75bae5decc56a830ae8cf1928f27e6a8007318c72a2c56_ppc64le, openshift4/ose-cluster-ingress-operator@sha256:70e977e912db42318a75bae5decc56a830ae8cf1928f27e6a8007318c72a2c56_ppc64le, openshift4/ose-cluster-ingress-operator@sha256:70e977e912db42318a75bae5decc56a830ae8cf1928f27e6a8007318c72a2c56_ppc64le |
| Red Hat | openshift4/ose-docker-builder@sha256:7ee0c687be4d526d15b4815f46eae276cb78e3060ae9d4ab77e9927cb45e2105_s390x as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-docker-builder@sha256:7ee0c687be4d526d15b4815f46eae276cb78e3060ae9d4ab77e9927cb45e2105_s390x, openshift4/ose-docker-builder@sha256:7ee0c687be4d526d15b4815f46eae276cb78e3060ae9d4ab77e9927cb45e2105_s390x |
| Red Hat | openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:5d3202144341794805d01f5ecbd4078f79ca9c63584868c35306cb06decc0c21_arm64 as a component of Red Hat OpenShift Container Platform 4.11 | *, openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:5d3202144341794805d01f5ecbd4078f79ca9c63584868c35306cb06decc0c21_arm64, openshift4/ose-azure-cloud-controller-manager-rhel8@sha256:5d3202144341794805d01f5ecbd4078f79ca9c63584868c35306cb06decc0c21_arm64 |
…and 1216 more
Timeline
- Mar 27, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:1464 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://issues.redhat.com/browse/OCPBUGS-22192 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1464.json advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory