CVE-2023-39325

Public on 2023-10-11
Modified on 2024-04-29
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity
Important
CVSS v3 Base Score
7.5

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | amazon-cloudwatch-agent | 2024-01-19 | ALAS2-2024-2424 | Fixed |
| Amazon Linux 2023 | amazon-cloudwatch-agent | 2024-01-19 | ALAS2023-2024-498 | Fixed |
| Amazon Linux 2 - Ecs Extra | amazon-ecr-credential-helper | | | Pending Fix |
| Amazon Linux 2 - Docker Extra | amazon-ecr-credential-helper | 2023-10-31 | ALAS2DOCKER-2023-034 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | amazon-ecr-credential-helper | 2023-10-31 | ALAS2NITRO-ENCLAVES-2023-033 | Fixed |
| Amazon Linux 1 | amazon-ssm-agent | 2024-02-14 | ALAS-2024-1920 | Fixed |
| Amazon Linux 2 - Core | amazon-ssm-agent | 2024-02-15 | ALAS2-2024-2458 | Fixed |
| Amazon Linux 2023 | amazon-ssm-agent | 2024-02-15 | ALAS2023-2024-526 | Fixed |
| Amazon Linux 2 - Core | cni-plugins | 2023-10-30 | ALAS2-2023-2325 | Fixed |
| Amazon Linux 2023 | cni-plugins | 2023-10-30 | ALAS2023-2023-419 | Fixed |
| Amazon Linux 1 | containerd | | | Not Affected |
| Amazon Linux 2 - Docker Extra | containerd | | | Not Affected |
| Amazon Linux 2 - Ecs Extra | containerd | 2024-03-04 | ALAS2ECS-2024-035 | Fixed |
| Amazon Linux 2023 | containerd | | | Not Affected |
| Amazon Linux 2 - Core | cri-tools | 2023-10-30 | ALAS2-2023-2324 | Fixed |
| Amazon Linux 2 - Docker Extra | docker | 2023-10-18 | ALAS2DOCKER-2023-031 | Fixed |
| Amazon Linux 2 - Ecs Extra | docker | 2023-10-31 | ALAS2ECS-2023-019 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-030 | Fixed |
| Amazon Linux 2023 | docker | 2023-10-18 | ALAS2023-2023-397 | Fixed |
| Amazon Linux 2 - Ecs Extra | ecs-init | 2023-11-09 | ALAS2ECS-2023-020 | Fixed |
| Amazon Linux 2023 | ecs-init | 2023-11-09 | ALAS2023-2023-434 | Fixed |
| Amazon Linux 2023 | ecs-init | 2023-11-09 | ALAS2023-2023-435 | Fixed |
| Amazon Linux 1 | golang | 2023-10-16 | ALAS-2023-1871 | Fixed |
| Amazon Linux 2 - Core | golang | 2023-10-16 | ALAS2-2023-2313 | Fixed |
| Amazon Linux 2023 | golang | 2023-10-16 | ALAS2023-2023-394 | Fixed |
| Amazon Linux 2 - Core | golist | 2023-10-30 | ALAS2-2023-2326 | Fixed |
| Amazon Linux 2 - Core | nerdctl | 2023-11-09 | ALAS2-2023-2339 | Fixed |
| Amazon Linux 2023 | oci-add-hooks | 2023-10-30 | ALAS2023-2023-418 | Fixed |
| Amazon Linux 2 - Docker Extra | runc | 2023-10-18 | ALAS2DOCKER-2023-033 | Fixed |
| Amazon Linux 2 - Ecs Extra | runc | 2023-10-31 | ALAS2ECS-2023-018 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | runc | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-032 | Fixed |
| Amazon Linux 2023 | runc | 2023-10-18 | ALAS2023-2023-396 | Fixed |

CVSS Scores

| Score Type | Score | Vector |
|---|---|---|
| Amazon Linux CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |