CVE-2023-39325

Public on 2023-10-11
Modified on 2025-04-04
Description
The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.
Severity
Important
CVSS v3 Base Score
7.5

Affected Packages

| Platform | Package | Release Date | Advisory | Status |
|---|---|---|---|---|
| Amazon Linux 2 - Core | amazon-cloudwatch-agent | 2024-01-19 | ALAS2-2024-2424 | Fixed |
| Amazon Linux 2023 | amazon-cloudwatch-agent | 2024-01-19 | ALAS2023-2024-498 | Fixed |
| Amazon Linux 2 - Ecs Extra | amazon-ecr-credential-helper | | | Not Affected |
| Amazon Linux 2 - Docker Extra | amazon-ecr-credential-helper | 2023-10-31 | ALAS2DOCKER-2023-034 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | amazon-ecr-credential-helper | 2023-10-31 | ALAS2NITRO-ENCLAVES-2023-033 | Fixed |
| Amazon Linux 1 | amazon-ssm-agent | 2024-02-14 | ALAS-2024-1920 | Fixed |
| Amazon Linux 2 - Core | amazon-ssm-agent | 2024-02-15 | ALAS2-2024-2458 | Fixed |
| Amazon Linux 2023 | amazon-ssm-agent | 2024-02-15 | ALAS2023-2024-526 | Fixed |
| Amazon Linux 2 - Core | cni-plugins | 2023-10-30 | ALAS2-2023-2325 | Fixed |
| Amazon Linux 2023 | cni-plugins | 2023-10-30 | ALAS2023-2023-419 | Fixed |
| Amazon Linux 1 | containerd | | | Not Affected |
| Amazon Linux 2 - Docker Extra | containerd | | | Not Affected |
| Amazon Linux 2 - Ecs Extra | containerd | 2024-03-04 | ALAS2ECS-2024-035 | Fixed |
| Amazon Linux 2023 | containerd | | | Not Affected |
| Amazon Linux 2 - Core | cri-tools | 2023-10-30 | ALAS2-2023-2324 | Fixed |
| Amazon Linux 2 - Docker Extra | docker | 2023-10-18 | ALAS2DOCKER-2023-031 | Fixed |
| Amazon Linux 2 - Ecs Extra | docker | 2023-10-31 | ALAS2ECS-2023-019 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | docker | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-030 | Fixed |
| Amazon Linux 2023 | docker | 2023-10-18 | ALAS2023-2023-397 | Fixed |
| Amazon Linux 2 - Ecs Extra | ecs-init | 2023-11-09 | ALAS2ECS-2023-020 | Fixed |
| Amazon Linux 2023 | ecs-init | 2023-11-09 | ALAS2023-2023-434 | Fixed |
| Amazon Linux 2023 | ecs-init | 2023-11-09 | ALAS2023-2023-435 | Fixed |
| Amazon Linux 1 | golang | 2023-10-16 | ALAS-2023-1871 | Fixed |
| Amazon Linux 2 - Core | golang | 2023-10-16 | ALAS2-2023-2313 | Fixed |
| Amazon Linux 2023 | golang | 2023-10-16 | ALAS2023-2023-394 | Fixed |
| Amazon Linux 2 - Core | golist | 2023-10-30 | ALAS2-2023-2326 | Fixed |
| Amazon Linux 2 - Core | nerdctl | 2023-11-09 | ALAS2-2023-2339 | Fixed |
| Amazon Linux 2023 | oci-add-hooks | 2023-10-30 | ALAS2023-2023-418 | Fixed |
| Amazon Linux 2 - Docker Extra | runc | 2023-10-18 | ALAS2DOCKER-2023-033 | Fixed |
| Amazon Linux 2 - Ecs Extra | runc | 2023-10-31 | ALAS2ECS-2023-018 | Fixed |
| Amazon Linux 2 - Aws-nitro-enclaves-cli Extra | runc | 2023-10-18 | ALAS2NITRO-ENCLAVES-2023-032 | Fixed |
| Amazon Linux 2023 | runc | 2023-10-18 | ALAS2023-2023-396 | Fixed |

CVSS Scores

| Source | Score Type | Score | Vector |
|---|---|---|---|
| Amazon Linux | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
| NVD | CVSSv3 | 7.5 | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |