Showing 1 - 25 of 124

CVE-2023-39325

Status Candidate

Overview

A malicious HTTP/2 client which rapidly creates requests and immediately resets them can cause excessive server resource consumption. While the total number of requests is bounded by the http2.Server.MaxConcurrentStreams setting, resetting an in-progress request allows the attacker to create a new request while the existing one is still executing. With the fix applied, HTTP/2 servers now bound the number of simultaneously executing handler goroutines to the stream concurrency limit (MaxConcurrentStreams). New requests arriving when at the limit (which can only happen after the client has reset an existing, in-flight request) will be queued until a handler exits. If the request queue grows too large, the server will terminate the connection. This issue is also fixed in golang.org/x/net/http2 for users manually configuring HTTP/2. The default stream concurrency limit is 250 streams (requests) per HTTP/2 connection. This value may be adjusted using the golang.org/x/net/http2 package; see the Server.MaxConcurrentStreams setting and the ConfigureServer function.

Related Files

Ubuntu Security Notice USN-7061-1: Posted Oct 10, 2024; Authored by Ubuntu | Site security.ubuntu.com; Ubuntu Security Notice 7061-1 - Hunter Wittenborn discovered that Go incorrectly handled the sanitization of environment variables. An attacker could possibly use this issue to run arbitrary commands. Sohom Datta discovered that Go did not properly validate backticks as Javascript string delimiters, and did not escape them as expected. An attacker could possibly use this issue to inject arbitrary Javascript code into the Go template.; tags | advisory, arbitrary, javascript; systems | linux, ubuntu; advisories | CVE-2023-24531, CVE-2023-24538, CVE-2023-29402, CVE-2023-29403, CVE-2023-29404, CVE-2023-29405, CVE-2023-29406, CVE-2023-39319, CVE-2023-39325, CVE-2024-24785; SHA-256 | 366aa6bc269ca28c4b992ad13527bd77d7968a9ad5dcd84915ed51954acbe4c1; Download | Favorite | View

Red Hat Security Advisory 2024-4118-03: Posted Jun 27, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-4118-03 - An update is now available for Red Hat Ceph Storage 5.3. Issues addressed include denial of service and traversal vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | a969ee2cce4f0aadc7c69ca3016f7ccfd1e24e38056af106a4ea061a1a379369; Download | Favorite | View

Red Hat Security Advisory 2024-3927-03: Posted Jun 14, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-3927-03 - A new container image for Red Hat Ceph Storage 7.1 is now available in the Red Hat Ecosystem Catalog.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 2a34112f7e1e0cd7312b6bcfdaede6f66f1ddaa933d2c4670c126974da2d0af9; Download | Favorite | View

Red Hat Security Advisory 2024-1765-03: Posted Apr 23, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1765-03 - Red Hat OpenShift Container Platform release 4.14.21 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 05481f7c3649a9e35aede703a8538b33720ac9d22340adc40f7958520c4d04de; Download | Favorite | View

Red Hat Security Advisory 2024-1770-03: Posted Apr 17, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1770-03 - Red Hat OpenShift Container Platform release 4.15.9 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | daee32868e7ca70e2bde712186648be799e997daa39555af43a1ec11879bd6d9; Download | Favorite | View

Red Hat Security Advisory 2024-1572-03: Posted Apr 3, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1572-03 - Red Hat OpenShift Container Platform release 4.12.54 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 60434a47d41fd723b913ce39f134663ea9ecbd84f54bda9de217da51e443283a; Download | Favorite | View

Red Hat Security Advisory 2024-1464-03: Posted Mar 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1464-03 - Red Hat OpenShift Container Platform release 4.11.59 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | d923fa30065852ae0a83cda8a9dbf574449cb506ee1506cc7c34af2265d9920e; Download | Favorite | View

Red Hat Security Advisory 2024-1449-03: Posted Mar 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1449-03 - Red Hat OpenShift Container Platform release 4.15.5 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 411f8be9e2cd7e31467ea75a03c86dbda9b5cc6baf18efa8cff43e0323028924; Download | Favorite | View

Red Hat Security Advisory 2024-1458-03: Posted Mar 27, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1458-03 - Red Hat OpenShift Container Platform release 4.14.18 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 7a0151c80a85d152c9d9040e75203632a9286f02cafca6a401b093e08121249d; Download | Favorite | View

Red Hat Security Advisory 2024-1454-03: Posted Mar 27, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1454-03 - Red Hat OpenShift Container Platform release 4.13.38 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 71bace167afcc96939c35c388f9fa93c27cfc6960e677ca356311fa3f9c29d5a; Download | Favorite | View

Red Hat Security Advisory 2024-1037-03: Posted Mar 7, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1037-03 - Red Hat OpenShift Container Platform release 4.13.36 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 5d7d154d2cc0073a8f42e62a4daf7a9e98a3ad019079deca2a3102a76f5e1909; Download | Favorite | View

Red Hat Security Advisory 2024-1052-03: Posted Mar 6, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-1052-03 - Red Hat OpenShift Container Platform release 4.12.51 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | e494948c55a00247768991156a543f65750a55ba774040322b7f3ccb3b1ec888; Download | Favorite | View

Red Hat Security Advisory 2024-0302-03: Posted Mar 6, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0302-03 - Kube Descheduler Operator for Red Hat OpenShift 5.0.0 for RHEL 9.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 5f5277605c823a06cf73ee9ab7a0cc4a127ba95f405d564711f66dcbda0a65f7; Download | Favorite | View

Red Hat Security Advisory 2024-0946-03: Posted Feb 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0946-03 - Red Hat OpenShift Container Platform release 4.13.35 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | c7918df94e4b2c86cb33e139d456d7f54e9a8741020efcb19d0005d06d6d1877; Download | Favorite | View

Red Hat Security Advisory 2024-0941-03: Posted Feb 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0941-03 - Red Hat OpenShift Container Platform release 4.14.14 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 88515d8dc20b43876aa27fd2b6ea898a9382283551f5b1568a1b7fb39619d92a; Download | Favorite | View

Red Hat Security Advisory 2024-0766-03: Posted Feb 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0766-03 - Red Hat OpenShift Container Platform release 4.15.0 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 0b26eca9dcc849bc191d462ba5264489f4737c4f0172c2b4f44c30fafc4a93f8; Download | Favorite | View

Red Hat Security Advisory 2024-0269-03: Posted Feb 28, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0269-03 - An update for run-once-duration-override-container, run-once-duration-override-operator-bundle-container, and run-once-duration-override-operator-container is now available for RODOO-1.1-RHEL-9. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 46625cb3eb40e90ad293ce294aea948362a70da1520a790c756bf54de3a4e920; Download | Favorite | View

Red Hat Security Advisory 2024-0833-03: Posted Feb 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0833-03 - Red Hat OpenShift Container Platform release 4.12.50 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include denial of service and traversal vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 86eab7c365c054b85dd2d9596b3c028609cb6ee42eb6378d148f65f4389833fd; Download | Favorite | View

Red Hat Security Advisory 2024-0837-03: Posted Feb 21, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0837-03 - Red Hat OpenShift Container Platform release 4.14.13 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | d1bdf47cb8160404fe1823442680fae112d3f1c54d5ff3b387c3907fd6f7cc8d; Download | Favorite | View

Red Hat Security Advisory 2024-0664-03: Posted Feb 9, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0664-03 - Red Hat OpenShift Container Platform release 4.12.49 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 1da07cdb9aa4a53f1187e7f3fcb279754ceec250b05709a09b3e42f4c25e3ff5; Download | Favorite | View

Red Hat Security Advisory 2024-0660-03: Posted Feb 8, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0660-03 - Red Hat OpenShift Container Platform release 4.13.32 is now available with updates to packages and images that fix several bugs and add enhancements. Issues addressed include a denial of service vulnerability.; tags | advisory, denial of service; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | d1deb804d0bf3831445ba66f8c6e6712dacebbb5bbdee193372f7a42944ed6fb; Download | Favorite | View

Red Hat Security Advisory 2024-0642-03: Posted Feb 8, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0642-03 - An update is now available for Red Hat OpenShift Container Platform 4.14. Issues addressed include denial of service and traversal vulnerabilities.; tags | advisory, denial of service, vulnerability; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 067c672d45f32da5faea03fc51d1c52b2b5db641ef22c66e5fb097dc8344f747; Download | Favorite | View

Red Hat Security Advisory 2024-0484-03: Posted Feb 2, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0484-03 - Red Hat OpenShift Container Platform release 4.13.31 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | ed0abdf5084bca41a7e826e8b9844a8e96dedf41534bff01ec99c36841743575; Download | Favorite | View

Red Hat Security Advisory 2024-0306-03: Posted Jan 26, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0306-03 - Red Hat OpenShift Container Platform release 4.11.57 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | 09837e1c2e8758cb9ff8c02560439bf394ca34852ae1d83b053f97dd7d591351; Download | Favorite | View

Red Hat Security Advisory 2024-0290-03: Posted Jan 24, 2024; Authored by Red Hat | Site access.redhat.com; Red Hat Security Advisory 2024-0290-03 - Red Hat OpenShift Container Platform release 4.14.10 is now available with updates to packages and images that fix several bugs and add enhancements.; tags | advisory; systems | linux, redhat; advisories | CVE-2023-39325; SHA-256 | e51d95e8f7abd8b3cad2fb79d59dd19b709f17a3b1cdd651c8441d81900c5b7b; Download | Favorite | View

Page 1 of 5 Back 1 2 3 4 5 Next

Top Authors In Last 30 Days

Red Hat 223 files
Ubuntu 57 files
LiquidWorm 23 files
Debian 19 files
indoushka 15 files
Apple 9 files
Google Security Research 5 files
Gentoo 5 files
Chokri Hammedi 3 files
Alter Prime 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,158)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,830)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,245)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,969)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

CVE-2023-39325

Overview

Related Files

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems