iperf3 -- buffer overflow

2016-06-08T00:00:00
ID D6BBF2D8-2CFC-11E6-800B-080027468580
Type freebsd
Reporter FreeBSD
Modified 2016-06-08T00:00:00

Description

ESnet reports:

A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash (and a denial of service), or theoretically a remote code execution as the user running the iperf3 server. A malicious iperf3 server could potentially mount a similar attack on an iperf3 client.