8 matches found
CVE-2023-38403
CVE-2023-38403 affects iperf3 builds prior to 3.14 (versions < 3.14). The vulnerability arises from a memory/length handling issue that can cause an integer overflow and heap corruption, with the potential for crash or arbitrary code execution as described in the reports. Exploitation status i...
CVE-2016-4303
CVE-2016-4303 affects iperf/iperf3 and the cJSON-UTF8/UTF-16 parsing path; the vulnerability allows denial of service or arbitrary code execution via a crafted JSON string that triggers a heap-based buffer overflow. The connected docs confirm downstream patches: upstream releases addressed the is...
CVE-2024-53580
CVE-2024-53580 affects iperf3, with a segmentation fault triggered in iperf_exchange_parameters() in version 3.17.1. Public sources indicate the issue impacts iperf3 and is addressed in the 3.18 line (e.g., patches and advisories across Linux distributions such as Debian LTS, Amazon Linux ALAS/AL...
CVE-2023-7250
CVE-2023-7250 affects iperf/iperf3: a misbehaving client that sends less data than expected can cause the iperf3 server to hang waiting for the remainder, denying service to other connections. Affected projects and notes from connected sources confirm the vulnerability in iperf3 when used as a se...
CVE-2025-54349
CVE-2025-54349 affects iperf3 prior to version 3.19.1, caused by an off-by-one in iperf_auth.c leading to a heap-based buffer overflow. Connected advisories confirm a patch was released with iperf3-3.19.1 (and related debian/alma/linux advisories reference the fix). Affected product is iperf3; ro...
CVE-2024-26306
CVE-2024-26306 concerns iperf3 prior to 3.17 when used as a server with RSA authentication under OpenSSL prior to 3.2.0. A timing side-channel exists in the RSA decryption operation, potentially enabling an attacker to recover credential plaintext after sending a large number of trial messages, d...
CVE-2025-54351
In iperf before 3.19.1, net.c is vulnerable to a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Affected products are iperf 3.19 and older. The issue is addressed in iperf 3.19.1, with advisories and patches published by multiple vendors (e.g., openSUSE/SUSE SUSE-SU-2025:027...
CVE-2025-54350
CVE-2025-54350 affects iperf/iperf3 prior to version 3.19.1. The issue is an assertion failure in iperf_auth.c during a malformed authentication attempt, caused by a Base64Decode error, which can cause the application to exit. Several connected advisories confirm the impact and the fix version: p...