VDB
RHSA-2024%3A1683
RHSA-2024%3A1683
PUBLISHED
CVSS 7.5 HIGH
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift4/ose-pod@sha256:6bf019e4dded5424e2ce1d1557bd054c7c388fb035da860ad5db9fea009febeb_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-pod@sha256:6bf019e4dded5424e2ce1d1557bd054c7c388fb035da860ad5db9fea009febeb_ppc64le |
| Red Hat | openshift4/ose-hyperkube@sha256:bb8f73001be1e2b4fa2871345c3bc787712786af3c557f8e26bbde9e507bda20_s390x as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-pod@sha256:6c83f5cd64d6d44fc5fb4a5388dbd60f622db8b6e065ae9ed42187bbbe2a6f7f_s390x as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-pod@sha256:6c83f5cd64d6d44fc5fb4a5388dbd60f622db8b6e065ae9ed42187bbbe2a6f7f_s390x |
| Red Hat | openshift4/ose-hyperkube@sha256:6c81db26fe80749b56018113d64967fd6bafd9fc9ad9ff74bfedba6ef6da8e51_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
| Red Hat | openshift4/ose-hyperkube@sha256:08a3f2cc02820748cb6627d7ee17377a5195cf76b86c3cd3f460d4400f8e50a5_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-hyperkube@sha256:08a3f2cc02820748cb6627d7ee17377a5195cf76b86c3cd3f460d4400f8e50a5_arm64 |
| Red Hat | openshift4/ose-hyperkube@sha256:6dc7adba59e29a3651bb18e75ba58d61c5640e524141cc87ce8e1d8d653d8292_ppc64le as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-hyperkube@sha256:6dc7adba59e29a3651bb18e75ba58d61c5640e524141cc87ce8e1d8d653d8292_ppc64le |
| Red Hat | openshift4/ose-pod@sha256:f572afd4089fa383f22fb404248b7344fafd17cb027fc865e47b434ea8e5a73c_arm64 as a component of Red Hat OpenShift Container Platform 4.13 | openshift4/ose-pod@sha256:f572afd4089fa383f22fb404248b7344fafd17cb027fc865e47b434ea8e5a73c_arm64 |
| Red Hat | openshift4/ose-pod@sha256:49ff654b15cf7c0965afb2b240b1adf999e46f102c00670a90bbbfe1bd4e71e6_amd64 as a component of Red Hat OpenShift Container Platform 4.13 | * |
Timeline
- Apr 8, 2024 CVE Published
- Apr 25, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:1683 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268273 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_1683.json advisory
- https://access.redhat.com/security/cve/CVE-2023-45288 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45288 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45288 advisory
- https://nowotarski.info/http2-continuation-flood/ advisory
- https://pkg.go.dev/vuln/GO-2024-2687 advisory
- https://www.kb.cert.org/vuls/id/421644 advisory