Moderate: Red Hat Security Advisory: iperf3 security update

An update for iperf3 is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for...

RHEL 8 : iperf3 (RHSA-2026:1592)

The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2026:1592 advisory. Iperf is a tool which can measure maximum TCP bandwidth and tune various parameters and UDP characteristics. Iperf reports bandwidth, delay jitter, a...

MiracleLinux 8 : iperf3-3.5-10.el8_10 (AXSA:2024-8525:01)

The remote MiracleLinux 8 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-8525:01 advisory. iperf3: possible denial of service CVE-2023-7250 iperf3: vulnerable to marvin attack if the authentication option is used CVE-2024-26306 Tenable has...

MiracleLinux 9 : iperf3-3.9-13.el9 (AXSA:2024-9259:02)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9259:02 advisory. iperf3: possible denial of service CVE-2023-7250,ESNET-SECADV-2023-0002 iperf3: vulnerable to marvin attack if the authentication option is used...

MiracleLinux 8 : iperf3-3.5-11.el8_10 (AXSA:2025-9534:01)

The remote MiracleLinux 8 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2025-9534:01 advisory. iperf: Denial of Service in iperf Due to Improper JSON Handling CVE-2024-53580 Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: iperf3 (UTSA-2025-984800)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-984800 advisory. In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow. Tenable has extracted the preceding description block directly...

Medium: iperf3

Issue Overview: In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow. CVE-2025-54349 In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. CVE-2025-54350 Affected...

ROS-20250825-08

A vulnerability in the Iperf3 network bandwidth measurement tool is related to an achievable assertion in the iperfauth.c. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service A vulnerability in the Iperf3 network bandwidth measurement...

Linux Distros Unpatched Vulnerability : CVE-2023-38403

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. CVE-2023-38403 Note that Nessus relies on the...

CVE-2025-54350

A flaw was found in iperf3. A malformed Base64-encoded authentication string triggers an assertion failure within the iperfauth.c file, leading to application termination. This vulnerability allows a network attacker to induce this failure by sending a crafted authentication attempt, resulting in...

CVE-2025-54349

A flaw was found in iperf3. An off-by-one error in the iperfauth.c file leads to a heap-based buffer overflow, potentially allowing a network attacker to trigger an application-level denial of service. This overflow occurs during the processing of authentication data. The vulnerability can only b...

AZL-66068 CVE-2025-54350 affecting package iperf3 for versions less than 3.18-2

In iperf before 3.19.1, iperfauth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt...

AZL-66060 CVE-2025-54349 affecting package iperf3 for versions less than 3.17.1-3

In iperf before 3.19.1, iperfauth.c has an off-by-one error and resultant heap-based buffer overflow...

TencentOS Server 2: iperf3 (TSSA-2023:0166)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2023:0166 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 4: iperf3 (TSSA-2025:0001)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0001 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

TencentOS Server 2: iperf3 (TSSA-2025:0099)

The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0099 advisory. Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:...

TencentOS Server 3: iperf3 (TSSA-2025:0027)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0027 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities:...

Alibaba Cloud Linux 3 : 0107: iperf3 (ALINUX3-SA-2023:0107)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2023:0107 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2023-38403: iperf3 before 3.14 allows peers to...

Azure Linux 3.0 Security Update: iperf3 (CVE-2024-53580)

The version of iperf3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-53580 advisory. - iperf v3.17.1 was discovered to contain a segmentation violation via the iperfexchangeparameters function...

Azure Linux 3.0 Security Update: iperf3 (CVE-2024-26306)

The version of iperf3 installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-26306 advisory. - iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing...