vulnerability
Oracle Linux: CVE-2023-38403: ELSA-2023-4326: iperf3 security update (IMPORTANT) (Multiple Advisories)
| Severity | CVSS | Published | Added | Modified |
|---|---|---|---|---|
| 8 | (AV:N/AC:L/Au:N/C:N/I:N/A:C) | 2023-07-11 | 2023-08-01 | 2025-01-07 |
Severity
8
CVSS
(AV:N/AC:L/Au:N/C:N/I:N/A:C)
Published
2023-07-11
Added
2023-08-01
Modified
2025-01-07
Description
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash.
An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash.
Solution(s)
oracle-linux-upgrade-iperf3oracle-linux-upgrade-iperf3-devel
NEW
Explore Exposure Command
Confidently identify and prioritize exposures from endpoint to cloud with full attack surface visibility and threat-aware risk context.