MidnightBSD

Advisories for es

CVE-2023-38403

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

Products Affected

Vendor Product Version
debian debian_linux 10.0
fedoraproject fedora 37
apple macos 14.0
netapp clustered_data_ontap 9.0
apple macos *
fedoraproject fedora 38
netapp ontap_select_deploy_administration_utility -
es iperf3 *
CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
secalert@redhat.com 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4

Products Affected

Vendor Product Version
redhat enterprise_linux 9.0
redhat enterprise_linux 8.0
redhat enterprise_linux_for_ibm_z_systems 8.0_s390x
redhat enterprise_linux_for_power_little_endian 8.0_ppc64le
redhat enterprise_linux_for_arm_64 9.0_aarch64
redhat enterprise_linux_for_arm_64 8.0_aarch64
redhat enterprise_linux_for_ibm_z_systems 9.0_s390x
es iperf3 *
CVE-2024-26306

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Products Affected

Vendor Product Version
netapp bootstrap_os -
es iperf3 *
CVE-2024-53580

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
134c704f-9b21-4f2e-91b3-4a467353bcc0 7.5 HIGH CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H 3.9 3.6

Products Affected

Vendor Product Version
es iperf3 3.17.1
netapp ontap_9 -
netapp hci_compute_node -
CVE-2025-54349

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
cve@mitre.org 6.5 MEDIUM CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L 2.2 3.7

Products Affected

Vendor Product Version
es iperf3 *
CVE-2025-54350

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 5.3 MEDIUM CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L 3.9 1.4
cve@mitre.org 3.7 LOW CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L 2.2 1.4

Products Affected

Vendor Product Version
es iperf3 *
CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

CVSS 3.x

Source Score Severity Vector Exploitability Impact
nvd@nist.gov 10.0 CRITICAL CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H 3.9 6.0
cve@mitre.org 8.9 HIGH CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L 2.2 6.0

Products Affected

Vendor Product Version
es iperf3 3.19