VDB
RHSA-2024%3A3315
RHSA-2024%3A3315
PUBLISHED
CVSS 7.5 HIGH
A vulnerability was discovered with the implementation of the HTTP/2 protocol in the Go programming language. There were insufficient limitations on the amount of CONTINUATION frames sent within a single stream. An attacker could potentially exploit this to cause a Denial of Service (DoS) attack.
Risk Scores
CVSS 3.1
7.5
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | container-native-virtualization/ovs-cni-plugin-rhel9@sha256:0198b1de73184e4676790862b3dddeae8021283512bf81f50abb320a1e64535d_amd64 as a component of CNV 4.13 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-operator-rhel9@sha256:a4158367bb21c75ce4aad9306abe3c8a95797428d941a9d6b4d9562fbd280280_amd64 as a component of CNV 4.13 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-cdi-importer-rhel9@sha256:40ffde76cf4195a8573fb49e48fbaec62dd1786dd5d52857737ed0eddd27a396_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-cdi-importer-rhel9@sha256:40ffde76cf4195a8573fb49e48fbaec62dd1786dd5d52857737ed0eddd27a396_amd64 |
| Red Hat | container-native-virtualization/hyperconverged-cluster-operator-rhel9@sha256:aac94783f1fc202506bca64f8e85cf964e7751c073cf7f1210864928f74ced6f_amd64 as a component of CNV 4.13 for RHEL 9 | * |
| Red Hat | container-native-virtualization/hostpath-provisioner-rhel9@sha256:254f6b5aa19be44e492c57eac47874fcc332242953c923753de317c90dcb8c96_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/hostpath-provisioner-rhel9@sha256:254f6b5aa19be44e492c57eac47874fcc332242953c923753de317c90dcb8c96_amd64 |
| Red Hat | container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:03c178c83c0aea8091ed4122fae030febfddd6422d15d7dc5df19ddd08a70907_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/hostpath-provisioner-operator-rhel9@sha256:03c178c83c0aea8091ed4122fae030febfddd6422d15d7dc5df19ddd08a70907_amd64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:0a5ad7e9d9ef1ec0809cb0e69814087de930f39830d7bbeff2ef7c545382e5fe_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-disk-virt-customize-rhel9@sha256:0a5ad7e9d9ef1ec0809cb0e69814087de930f39830d7bbeff2ef7c545382e5fe_amd64 |
| Red Hat | container-native-virtualization/ovs-cni-plugin-rhel9@sha256:8fd6d59d80eeb1ba032efd1ddbcbf40f3d354b39b527cdb1ce3c01358820206a_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/ovs-cni-plugin-rhel9@sha256:8fd6d59d80eeb1ba032efd1ddbcbf40f3d354b39b527cdb1ce3c01358820206a_arm64 |
| Red Hat | container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:635e222302aa3c9ff9eed7d1de03c7622b30d07ee0bf2d5c8628e8fbc4324d1a_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-cdi-uploadproxy-rhel9@sha256:635e222302aa3c9ff9eed7d1de03c7622b30d07ee0bf2d5c8628e8fbc4324d1a_arm64 |
| Red Hat | container-native-virtualization/vm-console-proxy-rhel9@sha256:47f5bbf5fdfbb79d1aaaf7b30629e8c3e601a505c86690c4d950ba7ec5d0bc40_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/vm-console-proxy-rhel9@sha256:47f5bbf5fdfbb79d1aaaf7b30629e8c3e601a505c86690c4d950ba7ec5d0bc40_arm64 |
| Red Hat | container-native-virtualization/kubevirt-template-validator-rhel9@sha256:31dcc58238626f998f6c0a4abcfee277b21032c25ef1ca75aa38328b3ac74298_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-template-validator-rhel9@sha256:31dcc58238626f998f6c0a4abcfee277b21032c25ef1ca75aa38328b3ac74298_arm64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-operator-rhel9@sha256:ffe7793dcf7887339d4c47d18f75b70f648cc46af410f5808633ae1327f7845b_arm64 as a component of CNV 4.13 for RHEL 9 | * |
| Red Hat | container-native-virtualization/kubemacpool-rhel9@sha256:fa52bd6689370d0ed46ad57bf33680f349c7c6348acced6d6d8a49ed064d8acd_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubemacpool-rhel9@sha256:fa52bd6689370d0ed46ad57bf33680f349c7c6348acced6d6d8a49ed064d8acd_amd64 |
| Red Hat | container-native-virtualization/virt-exportproxy-rhel9@sha256:3c092f36a42f714d70d4b0eec329c88becd71a29fe9416541b0d9eea48d22e7d_arm64 as a component of CNV 4.13 for RHEL 9 | * |
| Red Hat | container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:bb9622ab311b1c5517fd674373fd9ea8a6a934551820a9d64f645732fd18f459_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-console-plugin-rhel9@sha256:bb9622ab311b1c5517fd674373fd9ea8a6a934551820a9d64f645732fd18f459_amd64 |
| Red Hat | container-native-virtualization/virt-launcher-rhel9@sha256:ab4632c2c755e61dd812b01499b7eaa281bea25265d43179730919c913112bb9_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-launcher-rhel9@sha256:ab4632c2c755e61dd812b01499b7eaa281bea25265d43179730919c913112bb9_arm64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:d09e282991464ee935d9992deae9594d7997bcd6fd2b215e86ca2669550e0951_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-wait-for-vmi-status-rhel9@sha256:d09e282991464ee935d9992deae9594d7997bcd6fd2b215e86ca2669550e0951_arm64 |
| Red Hat | container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:e7ad1ec04f37cee55bade906be4845d02e79b2a8c8764af427ce0372c42d159f_amd64 as a component of CNV 4.13 for RHEL 9 | * |
| Red Hat | container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:c2bccabb2db8b4f4e08c8f0c232a7320662390f286de769f9c76fde9c0968728_arm64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/virt-cdi-uploadserver-rhel9@sha256:c2bccabb2db8b4f4e08c8f0c232a7320662390f286de769f9c76fde9c0968728_arm64 |
| Red Hat | container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:191a138401370cc59ecd78c94758eb02ff606454a7ecbe90514699cf5b016c56_amd64 as a component of CNV 4.13 for RHEL 9 | container-native-virtualization/kubevirt-tekton-tasks-modify-vm-template-rhel9@sha256:191a138401370cc59ecd78c94758eb02ff606454a7ecbe90514699cf5b016c56_amd64 |
…and 72 more
Timeline
- May 23, 2024 CVE Published
- Apr 25, 2026 CVE Updated
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
References
- https://access.redhat.com/errata/RHSA-2024:3315 advisory
- https://access.redhat.com/security/updates/classification/#important advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2268273 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3315.json advisory
- https://access.redhat.com/security/cve/CVE-2023-45288 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-45288 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-45288 advisory
- https://nowotarski.info/http2-continuation-flood/ advisory
- https://pkg.go.dev/vuln/GO-2024-2687 advisory
- https://www.kb.cert.org/vuls/id/421644 advisory