RHSA-2024%3A3927
A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any server-side limit for the maximum number of active streams per connection, resulting in a denial of service due to server resource consumption. Red Hat has rated the severity of this flaw as 'Important' as the US Cybersecurity and Infrastructure Security Agency (CISA) declared this vulnerability an active exploit. CVE-2023-39325 was assigned for the `Rapid Reset Attack` in the Go language packages.
Risk Scores
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Red Hat | rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | *, rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64, rhceph/ceph-nvmeof-cli-rhel9@sha256:931e21e519fd5d983313d1f36f8c0585c07e80a6fc9396880fa395c11eb6e3e6_amd64 |
| Red Hat | rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/snmp-notifier-rhel9@sha256:fbee3bd0c1c84c25d8508e8c68f8ad933457dcd2263c118c3da2554002f48a49_s390x, *, * |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x, *, rhceph/rhceph-haproxy-rhel9@sha256:6600b6e96f3126775ab5faa5c177a1c18b14afd20f1b7ab553faec837271e50e_s390x |
| Red Hat | rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le, *, rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64, *, rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 |
| Red Hat | rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, *, rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le |
| Red Hat | rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x as a component of Red Hat Ceph Storage 7.1 Tools | *, rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x, rhceph/keepalived-rhel9@sha256:7733dd9a62992c5fa63a1e19aa6cc148448482bfb9dcfc80d1cd12c971b487db_s390x |
| Red Hat | rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le, rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le |
| Red Hat | rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/keepalived-rhel9@sha256:176a386fc3bd29a56039c6eb70ef1f504190b633e533b41a52953160f82feb30_ppc64le, *, * |
| Red Hat | rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le, *, rhceph/ceph-nvmeof-rhel9@sha256:06cfbdb4b4b25598a351dfecbfeabd9db546c3d0092fd9ea1f04ed18fb8faed6_ppc64le |
| Red Hat | rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le, *, rhceph/ceph-nvmeof-cli-rhel9@sha256:8f81cd8b292f9556bd070ce7544b3da902b76c818b3f63b2f92da2f9b85577b4_ppc64le |
| Red Hat | rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le, rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le, rhceph/grafana-rhel9@sha256:1b8dda6cf9a50a601f51bc7d98b98948998e0abd86e98bad622144c52f50843b_ppc64le |
| Red Hat | rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x, *, rhceph/grafana-rhel9@sha256:22e29ab0738ce353ca48d3f938cbee0277592dcdfd0644201c30616f2369dd32_s390x |
| Red Hat | rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64, rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64, rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64 |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64, rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64, rhceph/rhceph-haproxy-rhel9@sha256:224a49c01a8e016c744d12415e5592eb4872b23ce509ecacf4f20c9b836ca35d_amd64 |
| Red Hat | rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-7-rhel9@sha256:3d75ca419b9ef00cf2c944680737e84e6e1059e0f33156bc21d4dbf76a7da5b1_amd64, *, * |
| Red Hat | rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64, rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64, rhceph/snmp-notifier-rhel9@sha256:ce91a88201bba1e5f6058ff2c58eecfce3fd06f5fb55c2042708248b69425cf5_amd64 |
| Red Hat | rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | *, rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le, rhceph/rhceph-haproxy-rhel9@sha256:cedce5376ab17fd5bbb274009cbd94d4c558ef0d548f86a6ef479d9d25a63c6f_ppc64le |
| Red Hat | rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le, rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le, rhceph/snmp-notifier-rhel9@sha256:be6f908a081fcefb3e6925ee2d416ba0abf6f488b7297d18a69af95250386f3f_ppc64le |
| Red Hat | rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 as a component of Red Hat Ceph Storage 7.1 Tools | rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64, rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64, rhceph/rhceph-promtail-rhel9@sha256:24576483bf4bf367e5556d93f4fd2bf0774a05fe5be6f81edeee9c71354e3647_amd64 |
…and 24 more
Timeline
- Jun 13, 2024 CVE Published
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Distribution Patch
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- Apr 25, 2026 Security Advisory
- May 16, 2026 CVE Updated
References
- https://access.redhat.com/errata/RHSA-2024:3927 advisory
- https://access.redhat.com/security/updates/classification/#moderate advisory
- https://access.redhat.com/security/cve/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2024-22195 advisory
- https://bugzilla.redhat.com/show_bug.cgi?id=2243296 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2257854 issue
- https://bugzilla.redhat.com/show_bug.cgi?id=2268114 issue
- https://security.access.redhat.com/data/csaf/v2/advisories/2024/rhsa-2024_3927.json advisory
- https://access.redhat.com/security/vulnerabilities/RHSB-2023-003 advisory
- https://www.cve.org/CVERecord?id=CVE-2023-39325 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2023-39325 advisory
- https://access.redhat.com/security/cve/CVE-2023-44487 advisory
- https://go.dev/issue/63417 advisory
- https://pkg.go.dev/vuln/GO-2023-2102 advisory
- https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487 advisory
- https://www.cve.org/CVERecord?id=CVE-2024-22195 advisory
- https://nvd.nist.gov/vuln/detail/CVE-2024-22195 advisory
- https://github.com/pallets/jinja/releases/tag/3.1.3 advisory
- https://github.com/pallets/jinja/security/advisories/GHSA-h5c8-rqwp-cp95 advisory