VDB
RHSA-2024%3A2932
RHSA-2024%3A2932
PUBLISHED
CVSS 7.5 HIGH
golang: net/http, x/net/http2: unlimited number of CONTINUATION frames causes DoS
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | openshift-logging/logging-loki-rhel9@sha256:61c6df0a2e3f6215ec070bf810e70f77fb9c16934439b46856ddbac355d6c1b8_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-loki-rhel9@sha256:61c6df0a2e3f6215ec070bf810e70f77fb9c16934439b46856ddbac355d6c1b8_ppc64le |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:0a9db85b98926dbfc6443ffe43296cdbfcf57baf6b886cb06846aff7a86a941d_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/lokistack-gateway-rhel9@sha256:0a9db85b98926dbfc6443ffe43296cdbfcf57baf6b886cb06846aff7a86a941d_s390x |
| Red Hat | openshift-logging/logging-view-plugin-rhel9@sha256:2806bedf9333e6bbe17338e4c4fb62ba98ce8e501a44d4339e5b010dd6555abd_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-view-plugin-rhel9@sha256:2806bedf9333e6bbe17338e4c4fb62ba98ce8e501a44d4339e5b010dd6555abd_ppc64le |
| Red Hat | openshift-logging/elasticsearch-rhel9-operator@sha256:f0ce5f22f7aa49797de754efa2b17c62c41558b00c558328691a21ff2c23c8cb_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-rhel9-operator@sha256:f0ce5f22f7aa49797de754efa2b17c62c41558b00c558328691a21ff2c23c8cb_arm64 |
| Red Hat | openshift-logging/loki-operator-bundle@sha256:3170281fa5d979d062239d24af0778f902408db026d99c41603df9e48ec1a8ce_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/loki-operator-bundle@sha256:3170281fa5d979d062239d24af0778f902408db026d99c41603df9e48ec1a8ce_amd64 |
| Red Hat | openshift-logging/elasticsearch-operator-bundle@sha256:31b9f0c3c8b1fef81a18bab856d011a0eced7ca1fcd74d62ea77fab592006693_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-operator-bundle@sha256:31b9f0c3c8b1fef81a18bab856d011a0eced7ca1fcd74d62ea77fab592006693_amd64 |
| Red Hat | openshift-logging/logging-loki-rhel9@sha256:aea5a63e59a96553d1559a618b5914cfd2cf57ade813110a668310e5a542697d_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-loki-rhel9@sha256:aea5a63e59a96553d1559a618b5914cfd2cf57ade813110a668310e5a542697d_s390x |
| Red Hat | openshift-logging/vector-rhel9@sha256:98eecb61c29c4eedd104b2ff5a429a303967765c59b5d49d9f725956be39bc77_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/vector-rhel9@sha256:98eecb61c29c4eedd104b2ff5a429a303967765c59b5d49d9f725956be39bc77_amd64 |
| Red Hat | openshift-logging/log-file-metric-exporter-rhel9@sha256:5fc34d4024f969fe3ec47a31336b90e8114e73fefa80d898b4ee826f1f4c7b65_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/log-file-metric-exporter-rhel9@sha256:5fc34d4024f969fe3ec47a31336b90e8114e73fefa80d898b4ee826f1f4c7b65_ppc64le |
| Red Hat | openshift-logging/logging-loki-rhel9@sha256:9b9bf7640468f5a13b35cc25e57421f1630d38bb6f01b7843e293eae6a033270_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-loki-rhel9@sha256:9b9bf7640468f5a13b35cc25e57421f1630d38bb6f01b7843e293eae6a033270_arm64 |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel9@sha256:526cb245f74190516468b380b1dfe302c7a270c6f5e40708a696d54df640e041_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-proxy-rhel9@sha256:526cb245f74190516468b380b1dfe302c7a270c6f5e40708a696d54df640e041_ppc64le |
| Red Hat | openshift-logging/eventrouter-rhel9@sha256:01af9f73e47407759bfa083e0b75655ac02dcb5abbf42f1be40d21c9321a28cd_amd64 as a component of RHOL 5.8 for RHEL 9 | * |
| Red Hat | openshift-logging/elasticsearch-proxy-rhel9@sha256:7393fa8a34232062577f9b78b53630dec2d79a383805e9305ca36d2d34ea5de0_s390x as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch-proxy-rhel9@sha256:7393fa8a34232062577f9b78b53630dec2d79a383805e9305ca36d2d34ea5de0_s390x |
| Red Hat | openshift-logging/logging-curator5-rhel9@sha256:edb1bb40ff090f59ab734b84a0e45db949f320f151f9bbfc39529387c462f366_arm64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-curator5-rhel9@sha256:edb1bb40ff090f59ab734b84a0e45db949f320f151f9bbfc39529387c462f366_arm64 |
| Red Hat | openshift-logging/fluentd-rhel9@sha256:42d1eed6409836f5e73a119a46a179dec9e96d821d5d742dff35f08eb986807c_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/fluentd-rhel9@sha256:42d1eed6409836f5e73a119a46a179dec9e96d821d5d742dff35f08eb986807c_ppc64le |
| Red Hat | openshift-logging/elasticsearch6-rhel9@sha256:2b88ad83be942f63d284d3e03b3c32142fedf46f5e7c3d3bbbb6f2451ae2daf5_s390x as a component of RHOL 5.8 for RHEL 9 | * |
| Red Hat | openshift-logging/elasticsearch6-rhel9@sha256:1bd4cac1d2078737bbfc2e4ed1b520d47ab66c68d0d7dd92abc414b0d36ed020_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/elasticsearch6-rhel9@sha256:1bd4cac1d2078737bbfc2e4ed1b520d47ab66c68d0d7dd92abc414b0d36ed020_amd64 |
| Red Hat | openshift-logging/cluster-logging-rhel9-operator@sha256:e1da801f88284017b42bf0ab7bfa8d3246708a1d669c03e4f8e10b7e7b57328a_ppc64le as a component of RHOL 5.8 for RHEL 9 | * |
| Red Hat | openshift-logging/logging-curator5-rhel9@sha256:2e27c1dd9cfa13ba99f067cb223d1a29f16e751a68980fd6e9240175696871cd_ppc64le as a component of RHOL 5.8 for RHEL 9 | openshift-logging/logging-curator5-rhel9@sha256:2e27c1dd9cfa13ba99f067cb223d1a29f16e751a68980fd6e9240175696871cd_ppc64le |
| Red Hat | openshift-logging/lokistack-gateway-rhel9@sha256:e94134307b0f854410f0c05ba14410588608910fca9ff6b526560072af0240d3_amd64 as a component of RHOL 5.8 for RHEL 9 | openshift-logging/lokistack-gateway-rhel9@sha256:e94134307b0f854410f0c05ba14410588608910fca9ff6b526560072af0240d3_amd64 |
…and 39 more
Timeline
- May 23, 2024 CVE Published
- Apr 25, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:2932 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268273 issue
- https://issues.redhat.com/browse/LOG-4949 advisory
- https://issues.redhat.com/browse/LOG-5467 advisory
- https://issues.redhat.com/browse/LOG-5471 advisory
- https://issues.redhat.com/browse/LOG-5514 advisory
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_2932.json advisory
- https://access.redhat.com/security/cve/CVE-2023-45288 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45288 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45288 advisory
- https://nowotarski.info/http2-continuation-flood/ advisory
- https://pkg.go.dev/vuln/GO-2024-2687 advisory
- https://www.kb.cert.org/vuls/id/421644 advisory