Veracode Vulnerability DatabaseVERACODE:41424Denial Of Service (DoS)
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
65.9%
iperf3 is vulnerable to Denial Of Service (DoS). The vulnerability exists due to the library’s integer overflow and heap corruption, which allows an attacker to crash the application by providing a maliciously crafted length field.
References
seclists.org/fulldisclosure/2023/Oct/24
seclists.org/fulldisclosure/2023/Oct/26
bugs.debian.org/1040830
cwe.mitre.org/data/definitions/130.html
downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9
github.com/esnet/iperf/issues/1542
lists.debian.org/debian-lts-announce/2023/07/msg00025.html
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/
lists.fedoraproject.org/archives/list/[email protected]/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/
lists.fedoraproject.org/archives/list/[email protected]/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/
secdb.alpinelinux.org/v3.15/main.yaml
secdb.alpinelinux.org/v3.16/main.yaml
secdb.alpinelinux.org/v3.17/main.yaml
security.netapp.com/advisory/ntap-20230818-0016/
support.apple.com/kb/HT213984
support.apple.com/kb/HT213985
Related
7.5 High
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
NONE
Integrity Impact
NONE
Availability Impact
HIGH
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
0.003 Low
EPSS
Percentile
65.9%