This description was provided in the disclosure from VINCE: The Go net/http and golang.org/x/net/http2 packages do not limit the number of CONTINUATION frames read for an HTTP/2 request, which permits an attacker to provide an arbitrarily large set of headers for a single request that will be read, decoded, and subsequently discarded, which may result in excessive CPU consumption.
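Added illustration of the mechanism described above; this is not code from the VINCE disclosure, from the Go project, or from any of the errata below. It builds the frame sequence an attacker sends (one HEADERS frame without END_HEADERS followed by a long run of CONTINUATION frames, using the 9-byte frame layout from RFC 9113) and then reads it back two ways: with no limit, which models the unpatched behaviour of accepting and decoding every fragment before discarding the request, and with a cap on the accumulated header block, which models the fix. The function names ContinuationFlood and ReadHeaderBlock, the 1 MiB limit, and the filler payload are all my own assumptions; the filler is not valid HPACK, so the example measures bytes and frames consumed rather than the HPACK decoding cost that makes the real flood expensive.

```go
package main

import (
	"encoding/binary"
	"errors"
	"fmt"
)

// HTTP/2 frame types, flags and header size from RFC 9113, section 6.
const (
	frameHeaders      = 0x1
	frameContinuation = 0x9
	flagEndHeaders    = 0x4
	frameHeaderLen    = 9
)

// appendFrame appends one HTTP/2 frame (9-byte header plus payload) to buf.
func appendFrame(buf []byte, ftype, flags byte, streamID uint32, payload []byte) []byte {
	var hdr [frameHeaderLen]byte
	hdr[0] = byte(len(payload) >> 16) // 24-bit payload length, big endian
	hdr[1] = byte(len(payload) >> 8)
	hdr[2] = byte(len(payload))
	hdr[3] = ftype
	hdr[4] = flags
	binary.BigEndian.PutUint32(hdr[5:], streamID&0x7fffffff) // high bit reserved
	return append(append(buf, hdr[:]...), payload...)
}

// ContinuationFlood builds constructed attack traffic (hypothetical, for this
// example): a HEADERS frame without END_HEADERS followed by n CONTINUATION
// frames of payloadLen bytes each; only the last one carries END_HEADERS.
// The payload is opaque filler, not a valid HPACK header block.
func ContinuationFlood(streamID uint32, n, payloadLen int) []byte {
	filler := make([]byte, payloadLen)
	buf := appendFrame(nil, frameHeaders, 0, streamID, filler)
	for i := 0; i < n; i++ {
		var flags byte
		if i == n-1 {
			flags = flagEndHeaders
		}
		buf = appendFrame(buf, frameContinuation, flags, streamID, filler)
	}
	return buf
}

var ErrHeaderBlockTooLarge = errors.New("header block exceeds limit; closing connection")

// ReadHeaderBlock walks frames from wire and accumulates the header block
// fragments of a HEADERS frame and its CONTINUATION frames until END_HEADERS.
// maxBytes <= 0 models the unpatched behaviour: every fragment is consumed no
// matter how many arrive, so the peer decides how much work the server does.
// A positive maxBytes models the fix: stop as soon as the block exceeds it.
// It returns the block size, the number of frames consumed and any error.
func ReadHeaderBlock(wire []byte, maxBytes int) (blockLen, frames int, err error) {
	for len(wire) >= frameHeaderLen {
		length := int(wire[0])<<16 | int(wire[1])<<8 | int(wire[2])
		ftype, flags := wire[3], wire[4]
		if len(wire) < frameHeaderLen+length {
			return blockLen, frames, errors.New("truncated frame")
		}
		wire = wire[frameHeaderLen+length:]
		frames++
		if frames == 1 && ftype != frameHeaders {
			return blockLen, frames, errors.New("expected HEADERS")
		}
		if frames > 1 && ftype != frameContinuation {
			return blockLen, frames, errors.New("expected CONTINUATION")
		}
		blockLen += length
		if maxBytes > 0 && blockLen > maxBytes {
			return blockLen, frames, ErrHeaderBlockTooLarge
		}
		if flags&flagEndHeaders != 0 {
			return blockLen, frames, nil
		}
	}
	return blockLen, frames, errors.New("stream ended before END_HEADERS")
}

func main() {
	// 1000 CONTINUATION frames of 16 KiB each: the unbounded reader consumes
	// all ~16 MiB; the bounded reader gives up after the 65th frame.
	wire := ContinuationFlood(1, 1000, 16384)
	n, f, err := ReadHeaderBlock(wire, 0)
	fmt.Printf("unbounded: read %d bytes over %d frames, err=%v\n", n, f, err)
	n, f, err = ReadHeaderBlock(wire, 1<<20)
	fmt.Printf("bounded:   read %d bytes over %d frames, err=%v\n", n, f, err)
}
```

For triage of a built Go binary, `go version -m <binary>` lists the toolchain and the golang.org/x/net module version it was built with, which can then be compared against the fixed versions named in the relevant erratum.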
Is this http and http2 or http2 only? The title says HTTP, but the description is all http2. If it's http2, then it's likely the container tools don't have an issue as we're HTTP based.
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1668 https://access.redhat.com/errata/RHSA-2024:1668
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1679 https://access.redhat.com/errata/RHSA-2024:1679
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1681 https://access.redhat.com/errata/RHSA-2024:1681
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:1683 https://access.redhat.com/errata/RHSA-2024:1683
We are from a product team which provides security fixes every month. The above CVE is reported against Red Hat UBI minimal 8.9 level, and we are expected to fix this by 5th of May. It is blocking our releases. Can you please let us know when it will be fixed. Thanks & Regards, Gandhi. IBM MQ Container Security Lead.
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:1963 https://access.redhat.com/errata/RHSA-2024:1963
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:1962 https://access.redhat.com/errata/RHSA-2024:1962
This issue has been addressed in the following products: RHEL-9-CNV-4.14 Via RHSA-2024:2060 https://access.redhat.com/errata/RHSA-2024:2060
This issue has been addressed in the following products: STF-1.5-RHEL-8 Via RHSA-2024:2062 https://access.redhat.com/errata/RHSA-2024:2062
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:1899 https://access.redhat.com/errata/RHSA-2024:1899
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:1892 https://access.redhat.com/errata/RHSA-2024:1892
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:1897 https://access.redhat.com/errata/RHSA-2024:1897
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2079 https://access.redhat.com/errata/RHSA-2024:2079
This issue has been addressed in the following products: Cryostat 2 on RHEL 8 Via RHSA-2024:2088 https://access.redhat.com/errata/RHSA-2024:2088
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2562 https://access.redhat.com/errata/RHSA-2024:2562
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2024:2625 https://access.redhat.com/errata/RHSA-2024:2625
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2068 https://access.redhat.com/errata/RHSA-2024:2068
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.13 Via RHSA-2024:2049 https://access.redhat.com/errata/RHSA-2024:2049
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2024:2699 https://access.redhat.com/errata/RHSA-2024:2699
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2024:2724 https://access.redhat.com/errata/RHSA-2024:2724
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2664 https://access.redhat.com/errata/RHSA-2024:2664
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2667 https://access.redhat.com/errata/RHSA-2024:2667
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2668 https://access.redhat.com/errata/RHSA-2024:2668
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2672 https://access.redhat.com/errata/RHSA-2024:2672
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.14 Via RHSA-2024:2671 https://access.redhat.com/errata/RHSA-2024:2671
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2773 https://access.redhat.com/errata/RHSA-2024:2773
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.12 Via RHSA-2024:2782 https://access.redhat.com/errata/RHSA-2024:2782
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.8 Extended Update Support Via RHSA-2024:2936 https://access.redhat.com/errata/RHSA-2024:2936
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2024:2935 https://access.redhat.com/errata/RHSA-2024:2935
This issue has been addressed in the following products: Red Hat OpenShift Container Platform 4.15 Via RHSA-2024:2865 https://access.redhat.com/errata/RHSA-2024:2865
This issue has been addressed in the following products: Red Hat Advanced Cluster Security 4.4 Via RHSA-2024:2941 https://access.redhat.com/errata/RHSA-2024:2941