Iperf3 Security Vulnerabilities and Issues — Iperf3 CVE List

Lucene search

EsIperf3

6 matches found

CVE•added 2016/09/26 2:59 p.m.•195 views

CVE-2016-4303

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

9.8CVSS9.5AI score0.05758EPSS

Web

CVE•added 2023/07/17 9:15 p.m.•179 views

CVE-2023-38403

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

7.5CVSS7.6AI score0.01288EPSS

CVE•added 2024/03/18 1:15 p.m.•106 views

CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection g...

5.3CVSS5.1AI score0.00045EPSS

CVE•added 2025/08/03 2:15 a.m.•23 views

CVE-2025-54349

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

10CVSS6.6AI score0.00054EPSS

CVE•added 2025/08/03 2:15 a.m.•22 views

CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

10CVSS6.9AI score0.00054EPSS

CVE•added 2025/08/03 2:15 a.m.•18 views

CVE-2025-54350

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.

5.3CVSS6.7AI score0.00055EPSS