VDB
RHSA-2024%3A1679
RHSA-2024%3A1679
PUBLISHED
CVSS 7.5 HIGH
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-hyperkube@sha256:19d0c592914c0a3b4fdf4e387ca1e56484a60790aafae1a0513e0311be1c426b_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-pod@sha256:09f9b48e67033e079916d318ec6018a8afc4cf93220ded16f9eed75af5abd712_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-pod@sha256:09f9b48e67033e079916d318ec6018a8afc4cf93220ded16f9eed75af5abd712_ppc64le |
| Red Hat | openshift4/ose-hyperkube@sha256:3f6e584b37271f37182144533d7ce224fe20439452bf4f3bd07672e31def24da_s390x as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-hyperkube@sha256:fc65b447c7d8427d6b07c6d1c89918ec1d89825238703502eda5e4b61f489c5b_ppc64le as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-hyperkube@sha256:fc65b447c7d8427d6b07c6d1c89918ec1d89825238703502eda5e4b61f489c5b_ppc64le |
| Red Hat | openshift4/ose-pod@sha256:60ed0d4727134777de93626c1de3b8eb011cad8746f9f7227eede8277a8ec1e0_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-pod@sha256:60ed0d4727134777de93626c1de3b8eb011cad8746f9f7227eede8277a8ec1e0_arm64 |
| Red Hat | openshift4/ose-pod@sha256:e6bde3f71d872d8ca548d82ba9ad5fda412f81a56e64bab9e56860fabbe30207_amd64 as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-pod@sha256:e6bde3f71d872d8ca548d82ba9ad5fda412f81a56e64bab9e56860fabbe30207_amd64 |
| Red Hat | openshift4/ose-hyperkube@sha256:346c91e88d93f8a9599b7ffde861d5a6b1fc16f1cdf2cc68074fe04b60ac0efa_arm64 as a component of Red Hat OpenShift Container Platform 4.12 | * |
| Red Hat | openshift4/ose-pod@sha256:897f6305233eb17cdede37eeaed9f4d03d556ebaae1e06a952cea604dd5ed405_s390x as a component of Red Hat OpenShift Container Platform 4.12 | openshift4/ose-pod@sha256:897f6305233eb17cdede37eeaed9f4d03d556ebaae1e06a952cea604dd5ed405_s390x |
Timeline
- Apr 8, 2024 CVE Published
- Apr 25, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:1679 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268273 issue
- https://issues.redhat.com/browse/OCPBUGS-30295 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1679.json advisory
- https://access.redhat.com/security/cve/CVE-2023-45288 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45288 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45288 advisory
- https://nowotarski.info/http2-continuation-flood/ advisory
- https://pkg.go.dev/vuln/GO-2024-2687 advisory
- https://www.kb.cert.org/vuls/id/421644 advisory