csaf_suse - suse-su-2023:4624-1

suse-su-2023:4624-1

Vulnerability from csaf_suse

Published

2023-12-01 08:25

Modified

2023-12-01 08:25

Summary

Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container

Notes

Title of the patch

Description of the patch

This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues: Update to version 1.1.0 - Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.1.0 Update to version 1.0.1 - Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.1

Patchnames

SUSE-2023-4624,SUSE-SLE-Micro-5.5-2023-4624,SUSE-SLE-Module-Containers-15-SP5-2023-4624,openSUSE-SLE-15.5-2023-4624

CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).

JSON

To clipboard

{
  "document": {
    "aggregate_severity": {
      "namespace": "https://www.suse.com/support/security/rating/",
      "text": "important"
    },
    "category": "csaf_security_advisory",
    "csaf_version": "2.0",
    "distribution": {
      "text": "Copyright 2024 SUSE LLC. All rights reserved.",
      "tlp": {
        "label": "WHITE",
        "url": "https://www.first.org/tlp/"
      }
    },
    "lang": "en",
    "notes": [
      {
        "category": "summary",
        "text": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
        "title": "Title of the patch"
      },
      {
        "category": "description",
        "text": "This update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container fixes the following issues:\n\nUpdate to version 1.1.0\n\n- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.1.0\n\nUpdate to version 1.0.1\n\n- Release notes https://github.com/kubevirt/kubevirt/releases/tag/v1.0.1\n",
        "title": "Description of the patch"
      },
      {
        "category": "details",
        "text": "SUSE-2023-4624,SUSE-SLE-Micro-5.5-2023-4624,SUSE-SLE-Module-Containers-15-SP5-2023-4624,openSUSE-SLE-15.5-2023-4624",
        "title": "Patchnames"
      },
      {
        "category": "legal_disclaimer",
        "text": "CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).",
        "title": "Terms of use"
      }
    ],
    "publisher": {
      "category": "vendor",
      "contact_details": "https://www.suse.com/support/security/contact/",
      "name": "SUSE Product Security Team",
      "namespace": "https://www.suse.com/"
    },
    "references": [
      {
        "category": "external",
        "summary": "SUSE ratings",
        "url": "https://www.suse.com/support/security/rating/"
      },
      {
        "category": "self",
        "summary": "URL of this CSAF notice",
        "url": "https://ftp.suse.com/pub/projects/security/csaf/suse-su-2023_4624-1.json"
      },
      {
        "category": "self",
        "summary": "URL for SUSE-SU-2023:4624-1",
        "url": "https://www.suse.com/support/update/announcement/2023/suse-su-20234624-1/"
      },
      {
        "category": "self",
        "summary": "E-Mail link for SUSE-SU-2023:4624-1",
        "url": "https://lists.suse.com/pipermail/sle-security-updates/2024-February/018051.html"
      },
      {
        "category": "self",
        "summary": "SUSE CVE CVE-2023-44487 page",
        "url": "https://www.suse.com/security/cve/CVE-2023-44487/"
      }
    ],
    "title": "Security update for kubevirt, virt-api-container, virt-controller-container, virt-exportproxy-container, virt-exportserver-container, virt-handler-container, virt-launcher-container, virt-libguestfs-tools-container, virt-operator-container, virt-pr-helper-container",
    "tracking": {
      "current_release_date": "2023-12-01T08:25:49Z",
      "generator": {
        "date": "2023-12-01T08:25:49Z",
        "engine": {
          "name": "cve-database.git:bin/generate-csaf.pl",
          "version": "1"
        }
      },
      "id": "SUSE-SU-2023:4624-1",
      "initial_release_date": "2023-12-01T08:25:49Z",
      "revision_history": [
        {
          "date": "2023-12-01T08:25:49Z",
          "number": "1",
          "summary": "Current version"
        }
      ],
      "status": "final",
      "version": "1"
    }
  },
  "product_tree": {
    "branches": [
      {
        "branches": [
          {
            "branches": [
              {
                "category": "product_version",
                "name": "kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-pr-helper-conf-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-pr-helper-conf-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-pr-helper-conf-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-tests-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-tests-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-tests-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64"
                }
              },
              {
                "category": "product_version",
                "name": "obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64",
                "product": {
                  "name": "obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64",
                  "product_id": "obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64"
                }
              }
            ],
            "category": "architecture",
            "name": "x86_64"
          },
          {
            "branches": [
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Micro 5.5",
                "product": {
                  "name": "SUSE Linux Enterprise Micro 5.5",
                  "product_id": "SUSE Linux Enterprise Micro 5.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-micro:5.5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "SUSE Linux Enterprise Module for Containers 15 SP5",
                "product": {
                  "name": "SUSE Linux Enterprise Module for Containers 15 SP5",
                  "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:suse:sle-module-containers:15:sp5"
                  }
                }
              },
              {
                "category": "product_name",
                "name": "openSUSE Leap 15.5",
                "product": {
                  "name": "openSUSE Leap 15.5",
                  "product_id": "openSUSE Leap 15.5",
                  "product_identification_helper": {
                    "cpe": "cpe:/o:opensuse:leap:15.5"
                  }
                }
              }
            ],
            "category": "product_family",
            "name": "SUSE Linux Enterprise"
          }
        ],
        "category": "vendor",
        "name": "SUSE"
      }
    ],
    "relationships": [
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64 as component of SUSE Linux Enterprise Micro 5.5",
          "product_id": "SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Micro 5.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64 as component of SUSE Linux Enterprise Module for Containers 15 SP5",
          "product_id": "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "SUSE Linux Enterprise Module for Containers 15 SP5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-tests-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-tests-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-tests-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      },
      {
        "category": "default_component_of",
        "full_product_name": {
          "name": "obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64 as component of openSUSE Leap 15.5",
          "product_id": "openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64"
        },
        "product_reference": "obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64",
        "relates_to_product_reference": "openSUSE Leap 15.5"
      }
    ]
  },
  "vulnerabilities": [
    {
      "cve": "CVE-2023-44487",
      "ids": [
        {
          "system_name": "SUSE CVE Page",
          "text": "https://www.suse.com/security/cve/CVE-2023-44487"
        }
      ],
      "notes": [
        {
          "category": "general",
          "text": "The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.",
          "title": "CVE description"
        }
      ],
      "product_status": {
        "recommended": [
          "SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
          "SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
          "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-tests-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
          "openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64"
        ]
      },
      "references": [
        {
          "category": "external",
          "summary": "CVE-2023-44487",
          "url": "https://www.suse.com/security/cve/CVE-2023-44487"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216109 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216109"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216123 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216123"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216169 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216169"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216171 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216171"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216174 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216174"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216176 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216176"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216181 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216181"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216182 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216182"
        },
        {
          "category": "external",
          "summary": "SUSE Bug 1216190 for CVE-2023-44487",
          "url": "https://bugzilla.suse.com/1216190"
        }
      ],
      "remediations": [
        {
          "category": "vendor_fix",
          "details": "To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n",
          "product_ids": [
            "SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-tests-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64"
          ]
        }
      ],
      "scores": [
        {
          "cvss_v3": {
            "baseScore": 7.5,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
            "version": "3.1"
          },
          "products": [
            "SUSE Linux Enterprise Micro 5.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
            "SUSE Linux Enterprise Micro 5.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
            "SUSE Linux Enterprise Module for Containers 15 SP5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-container-disk-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-manifests-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-tests-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-api-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-controller-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-exportproxy-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-exportserver-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-handler-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-launcher-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virt-operator-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:kubevirt-virtctl-1.1.0-150500.8.6.1.x86_64",
            "openSUSE Leap 15.5:obs-service-kubevirt_containers_meta-1.1.0-150500.8.6.1.x86_64"
          ]
        }
      ],
      "threats": [
        {
          "category": "impact",
          "date": "2023-12-01T08:25:49Z",
          "details": "important"
        }
      ],
      "title": "CVE-2023-44487"
    }
  ]
}

CVE-2023-44487 (GCVE-0-2023-44487)

Vulnerability from cvelistv5

Published

2023-10-10 00:00

Modified

2025-07-30 01:37

Severity ?

7.5 (High) - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

CWE

Summary

The HTTP/2 protocol allows a denial of service (server resource consumption) because request cancellation can reset many streams quickly, as exploited in the wild in August through October 2023.

References

►

URL

Tags

	https://github.com/dotnet/core/blob/e4613450ea0da7fd2fc6b61dfb2c1c1dec1ce9ec/release-notes/6.0/6.0.23/6.0.23.md?plain=1#L73
	https://blog.cloudflare.com/technical-breakdown-http2-rapid-reset-ddos-attack/
	https://aws.amazon.com/security/security-bulletins/AWS-2023-011/
	https://cloud.google.com/blog/products/identity-security/how-it-works-the-novel-http2-rapid-reset-ddos-attack
	https://www.nginx.com/blog/http-2-rapid-reset-attack-impacting-f5-nginx-products/
	https://cloud.google.com/blog/products/identity-security/google-cloud-mitigated-largest-ddos-attack-peaking-above-398-million-rps/
	https://news.ycombinator.com/item?id=37831062
	https://blog.cloudflare.com/zero-day-rapid-reset-http2-record-breaking-ddos-attack/
	https://www.phoronix.com/news/HTTP2-Rapid-Reset-Attack
	https://github.com/envoyproxy/envoy/pull/30055
	https://github.com/haproxy/haproxy/issues/2312
	https://github.com/eclipse/jetty.project/issues/10679
	https://forums.swift.org/t/swift-nio-http2-security-update-cve-2023-44487-http-2-dos/67764
	https://github.com/nghttp2/nghttp2/pull/1961
	https://github.com/netty/netty/commit/58f75f665aa81a8cbcf6ffa74820042a285c5e61
	https://github.com/alibaba/tengine/issues/1872
	https://github.com/apache/tomcat/tree/main/java/org/apache/coyote/http2
	https://news.ycombinator.com/item?id=37830987
	https://news.ycombinator.com/item?id=37830998
	https://github.com/caddyserver/caddy/issues/5877
	https://www.bleepingcomputer.com/news/security/new-http-2-rapid-reset-zero-day-attack-breaks-ddos-records/
	https://github.com/bcdannyboy/CVE-2023-44487
	https://github.com/grpc/grpc-go/pull/6703
	https://github.com/icing/mod_h2/blob/0a864782af0a942aa2ad4ed960a6b32cd35bcf0a/mod_http2/README.md?plain=1#L239-L244
	https://github.com/nghttp2/nghttp2/releases/tag/v1.57.0
	https://mailman.nginx.org/pipermail/nginx-devel/2023-October/S36Q5HBXR7CAIMPLLPRSSSYR4PCMWILK.html
	https://my.f5.com/manage/s/article/K000137106
	https://msrc.microsoft.com/blog/2023/10/microsoft-response-to-distributed-denial-of-service-ddos-attacks-against-http/2/
	https://bugzilla.proxmox.com/show_bug.cgi?id=4988
	https://cgit.freebsd.org/ports/commit/?id=c64c329c2c1752f46b73e3e6ce9f4329be6629f9
	http://www.openwall.com/lists/oss-security/2023/10/10/7	mailing-list
	http://www.openwall.com/lists/oss-security/2023/10/10/6	mailing-list
	https://seanmonstar.com/post/730794151136935936/hyper-http2-rapid-reset-unaffected
	https://github.com/microsoft/CBL-Mariner/pull/6381
	https://groups.google.com/g/golang-announce/c/iNNxDTCjZvo
	https://github.com/facebook/proxygen/pull/466
	https://gist.github.com/adulau/7c2bfb8e9cdbe4b35a5e131c66a0c088
	https://github.com/micrictor/http2-rst-stream
	https://edg.io/lp/blog/resets-leaks-ddos-and-the-tale-of-a-hidden-cve
	https://openssf.org/blog/2023/10/10/http-2-rapid-reset-vulnerability-highlights-need-for-rapid-response/
	https://github.com/h2o/h2o/security/advisories/GHSA-2m7v-gc89-fjqf
	https://github.com/h2o/h2o/pull/3291
	https://github.com/nodejs/node/pull/50121
	https://github.com/dotnet/announcements/issues/277
	https://github.com/golang/go/issues/63417
	https://github.com/advisories/GHSA-vx74-f528-fxqg
	https://github.com/apache/trafficserver/pull/10564
	https://msrc.microsoft.com/update-guide/vulnerability/CVE-2023-44487
	https://tomcat.apache.org/security-10.html#Fixed_in_Apache_Tomcat_10.1.14
	https://lists.apache.org/thread/5py8h42mxfsn8l1wy6o41xwhsjlsd87q
	https://www.openwall.com/lists/oss-security/2023/10/10/6
	https://www.haproxy.com/blog/haproxy-is-not-affected-by-the-http-2-rapid-reset-attack-cve-2023-44487
	https://github.com/opensearch-project/data-prepper/issues/3474
	https://github.com/kubernetes/kubernetes/pull/121120
	https://github.com/oqtane/oqtane.framework/discussions/3367
	https://github.com/advisories/GHSA-xpw8-rcwv-8f8p
	https://netty.io/news/2023/10/10/4-1-100-Final.html
	https://www.cisa.gov/news-events/alerts/2023/10/10/http2-rapid-reset-vulnerability-cve-2023-44487
	https://www.theregister.com/2023/10/10/http2_rapid_reset_zeroday/
	https://blog.qualys.com/vulnerabilities-threat-research/2023/10/10/cve-2023-44487-http-2-rapid-reset-attack
	https://news.ycombinator.com/item?id=37837043
	https://github.com/kazu-yamamoto/http2/issues/93
	https://martinthomson.github.io/h2-stream-limits/draft-thomson-httpbis-h2-stream-limits.html
	https://github.com/kazu-yamamoto/http2/commit/f61d41a502bd0f60eb24e1ce14edc7b6df6722a1
	https://github.com/apache/httpd/blob/afcdbeebbff4b0c50ea26cdd16e178c0d1f24152/modules/http2/h2_mplx.c#L1101-L1113
	https://www.debian.org/security/2023/dsa-5522	vendor-advisory
	https://www.debian.org/security/2023/dsa-5521	vendor-advisory
	https://access.redhat.com/security/cve/cve-2023-44487
	https://github.com/ninenines/cowboy/issues/1615
	https://github.com/varnishcache/varnish-cache/issues/3996
	https://github.com/tempesta-tech/tempesta/issues/1986
	https://blog.vespa.ai/cve-2023-44487/
	https://github.com/etcd-io/etcd/issues/16740
	https://www.darkreading.com/cloud/internet-wide-zero-day-bug-fuels-largest-ever-ddos-event
	https://istio.io/latest/news/security/istio-security-2023-004/
	https://github.com/junkurihara/rust-rpxy/issues/97
	https://bugzilla.suse.com/show_bug.cgi?id=1216123
	https://bugzilla.redhat.com/show_bug.cgi?id=2242803
	https://ubuntu.com/security/CVE-2023-44487
	https://community.traefik.io/t/is-traefik-vulnerable-to-cve-2023-44487/20125
	https://github.com/advisories/GHSA-qppj-fm5r-hxr3
	https://github.com/apache/httpd-site/pull/10
	https://github.com/projectcontour/contour/pull/5826
	https://github.com/linkerd/website/pull/1695/commits/4b9c6836471bc8270ab48aae6fd2181bc73fd632
	https://github.com/line/armeria/pull/5232
	https://blog.litespeedtech.com/2023/10/11/rapid-reset-http-2-vulnerablilty/
	https://security.paloaltonetworks.com/CVE-2023-44487
	https://github.com/akka/akka-http/issues/4323
	https://github.com/openresty/openresty/issues/930
	https://github.com/apache/apisix/issues/10320
	https://github.com/Azure/AKS/issues/3947
	https://github.com/Kong/kong/discussions/11741
	https://github.com/arkrwn/PoC/tree/main/CVE-2023-44487
	https://www.netlify.com/blog/netlify-successfully-mitigates-cve-2023-44487/
	https://github.com/caddyserver/caddy/releases/tag/v2.7.5
	https://lists.debian.org/debian-lts-announce/2023/10/msg00020.html	mailing-list
	http://www.openwall.com/lists/oss-security/2023/10/13/4	mailing-list
	http://www.openwall.com/lists/oss-security/2023/10/13/9	mailing-list
	https://arstechnica.com/security/2023/10/how-ddosers-used-the-http-2-protocol-to-deliver-attacks-of-unprecedented-size/
	https://lists.w3.org/Archives/Public/ietf-http-wg/2023OctDec/0025.html
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JMEXY22BFG5Q64HQCM5CK2Q7KDKVV4TY/	vendor-advisory
	https://linkerd.io/2023/10/12/linkerd-cve-2023-44487/
	https://lists.debian.org/debian-lts-announce/2023/10/msg00023.html	mailing-list
	https://security.netapp.com/advisory/ntap-20231016-0001/
	https://lists.debian.org/debian-lts-announce/2023/10/msg00024.html	mailing-list
	http://www.openwall.com/lists/oss-security/2023/10/18/4	mailing-list
	http://www.openwall.com/lists/oss-security/2023/10/18/8	mailing-list
	http://www.openwall.com/lists/oss-security/2023/10/19/6	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZKQSIKIAT5TJ3WSLU3RDBQ35YX4GY4V3/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/JIZSEFC3YKCGABA2BZW6ZJRMDZJMB7PJ/	vendor-advisory
	http://www.openwall.com/lists/oss-security/2023/10/20/8	mailing-list
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WLPRQ5TWUQQXYWBJM7ECYDAIL2YVKIUH/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/E72T67UPDRXHIDLO3OROR25YAMN4GGW5/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BFQD3KUEMFBHPAPBGLWQC34L4OWL5HAZ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZLU6U2R2IC2K64NDPNMV55AUAO65MAF4/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/X6QXN4ORIVF6XBW4WWFE7VNPVC74S45Y/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LKYHSZQFDNR7RSA7LHVLLIAQMVYCUGBG/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/FNA62Q767CFAFHBCDKYNPBMZWB7TWYVU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/LNMZJCDHGLJJLXO4OXWJMTVQRNWOC7UL/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/KSEGD2IWKNUO3DWY4KQGUQM5BISRWHQE/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/CLB4TW7KALB3EEQWNWCN7OUIWWVWWCG2/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/10/msg00045.html	mailing-list
	https://www.debian.org/security/2023/dsa-5540	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/10/msg00047.html	mailing-list
	https://discuss.hashicorp.com/t/hcsec-2023-32-vault-consul-and-boundary-affected-by-http-2-rapid-reset-denial-of-service-vulnerability-cve-2023-44487/59715
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VHUHTSXLXGXS7JYKBXTA3VINUPHTNGVU/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VSRDIV77HNKUSM7SJC5BKE5JSHLHU2NK/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/3N4NJ7FR4X4FPZUGNTQAPSTVB2HB2Y4A/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/ZB43REMKRQR62NJEI7I5NQ4FSXNLBKRT/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HT7T2R4MQKLIF4ODV4BDLPARWFPCJ5CZ/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XFOIBB4YFICHDM7IBOP7PWXW3FX4HLL2/	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/11/msg00001.html	mailing-list
	https://www.debian.org/security/2023/dsa-5549	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/2MBEPPC36UBVOZZNAXFHKLFGSLCMN5LI/	vendor-advisory
	https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/WE2I52RHNNU42PX6NZ2RBUHSFFJ2LVZX/	vendor-advisory
	https://www.debian.org/security/2023/dsa-5558	vendor-advisory
	https://lists.debian.org/debian-lts-announce/2023/11/msg00012.html	mailing-list
	https://security.gentoo.org/glsa/202311-09	vendor-advisory
	https://www.debian.org/security/2023/dsa-5570	vendor-advisory
	https://security.netapp.com/advisory/ntap-20240426-0007/
	https://security.netapp.com/advisory/ntap-20240621-0006/
	https://security.netapp.com/advisory/ntap-20240621-0007/
	https://github.com/grpc/grpc/releases/tag/v1.59.2
	https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-http2-reset-d8Kf32vZ

Impacted products

	Vendor	Product	Version
	n/a	n/a	Version: n/a

Show details on NVD website