CVE-2024-4438

HIGH 7.5

Etcd: incomplete fix for cve-2023-39325/cve-2023-44487 in openstack platform

CVSS Score

7.5

EPSS Score

0.0%

EPSS Percentile

0th

The etcd package distributed with the Red Hat OpenStack platform has an incomplete fix for CVE-2023-39325/CVE-2023-44487, known as Rapid Reset. This issue occurs because the etcd package in the Red Hat OpenStack platform is using http://golang.org/x/net/http2 instead of the one provided by Red Hat Enterprise Linux versions, meaning it should be updated at compile time instead.

CWE	CWE-400
Published	May 8, 2024
Last Updated	Nov 20, 2025

Stay Ahead of the Next One

Get instant alerts for

Be the first to know when new high vulnerabilities are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Affected Versions

Red Hat / Red Hat OpenStack Platform 16.1

All versions affected

Red Hat / Red Hat OpenStack Platform 16.2

All versions affected

Red Hat / Red Hat OpenStack Platform 17.1 for RHEL 9

All versions affected

Red Hat / Red Hat OpenStack Platform 18.0

All versions affected

References

NVD ↗ CVE.org ↗ EPSS Data ↗

access.redhat.com: https://access.redhat.com/errata/RHSA-2024:2729 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3352 access.redhat.com: https://access.redhat.com/errata/RHSA-2024:3467 access.redhat.com: https://access.redhat.com/security/cve/CVE-2024-4438 bugzilla.redhat.com: https://bugzilla.redhat.com/show_bug.cgi?id=2279365