CVE-2023-39325

Public on 2023-10-11
Modified on 2023-10-11
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity
Important
CVSS v3 Base Score
7.5

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
| --- | --- | --- | --- | --- |
| Amazon Linux 2 | amazon-cloudwatch-agent | | | Pending Fix |
| Amazon Linux 2023 | amazon-cloudwatch-agent | | | Pending Fix |
| Amazon Linux 2 | amazon-ecr-credential-helper | 2023-10-31 | ALAS2DOCKER-2023-034 | Fixed |
| Amazon Linux 2 | amazon-ecr-credential-helper | 2023-10-31 | ALAS2NITRO-ENCLAVES-2023-033 | Fixed |
| Amazon Linux 1 | amazon-ssm-agent | | | Pending Fix |
| Amazon Linux 2 | amazon-ssm-agent | | | Pending Fix |
| Amazon Linux 2023 | amazon-ssm-agent | | | Pending Fix |
| Amazon Linux 2 | cni-plugins | 2023-10-30 | ALAS2-2023-2325 | Fixed |
| Amazon Linux 2023 | cni-plugins | 2023-10-30 | ALAS2023-2023-419 | Fixed |
| Amazon Linux 1 | containerd | 2023-11-10 | ALAS-2023-1888 | Fixed |
| Amazon Linux 2 | containerd | 2023-10-18 | ALAS2DOCKER-2023-032 | Fixed |
| Amazon Linux 2 | containerd | 2023-10-31 | ALAS2ECS-2023-017 | Fixed |
| Amazon Linux 2 | containerd | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-031 | Fixed |
| Amazon Linux 2023 | containerd | 2023-10-18 | ALAS2023-2023-395 | Fixed |
| Amazon Linux 2 | cri-tools | 2023-10-30 | ALAS2-2023-2324 | Fixed |
| Amazon Linux 2 | docker | 2023-10-18 | ALAS2DOCKER-2023-031 | Fixed |
| Amazon Linux 2 | docker | 2023-10-31 | ALAS2ECS-2023-019 | Fixed |
| Amazon Linux 2 | docker | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-030 | Fixed |
| Amazon Linux 2023 | docker | 2023-10-18 | ALAS2023-2023-397 | Fixed |
| Amazon Linux 2 | ecs-init | 2023-11-09 | ALAS2ECS-2023-020 | Fixed |
| Amazon Linux 2023 | ecs-init | 2023-11-09 | ALAS2023-2023-434 | Fixed |
| Amazon Linux 2023 | ecs-init | 2023-11-09 | ALAS2023-2023-435 | Fixed |
| Amazon Linux 1 | golang | 2023-10-16 | ALAS-2023-1871 | Fixed |
| Amazon Linux 2 | golang | 2023-10-16 | ALAS2-2023-2313 | Fixed |
| Amazon Linux 2023 | golang | 2023-10-16 | ALAS2023-2023-394 | Fixed |
| Amazon Linux 2 | golist | 2023-10-30 | ALAS2-2023-2326 | Fixed |
| Amazon Linux 2 | nerdctl | 2023-11-09 | ALAS2-2023-2339 | Fixed |
| Amazon Linux 2023 | oci-add-hooks | 2023-10-30 | ALAS2023-2023-418 | Fixed |
| Amazon Linux 2 | runc | 2023-10-18 | ALAS2DOCKER-2023-033 | Fixed |
| Amazon Linux 2 | runc | 2023-10-31 | ALAS2ECS-2023-018 | Fixed |
| Amazon Linux 2 | runc | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-032 | Fixed |
| Amazon Linux 2023 | runc | 2023-10-18 | ALAS2023-2023-396 | Fixed |

CVSS Scores

| Source | Score Type | Score | Vector |
| --- | --- | --- | --- |
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |