rpm package
opensuse/iperf&distro=openSUSE Tumbleweed
pkg:rpm/opensuse/iperf&distro=openSUSE%20Tumbleweed
Vulnerabilities (5)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54351 | — | | | < 3.19.1-1.1 | 3.19.1-1.1 | Aug 3, 2025 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). |
| CVE-2025-54350 | — | | | < 3.19.1-1.1 | 3.19.1-1.1 | Aug 3, 2025 | In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. |
| CVE-2025-54349 | — | | | < 3.19.1-1.1 | 3.19.1-1.1 | Aug 3, 2025 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. |
| CVE-2024-53580 | — | | | < 3.18-1.1 | 3.18-1.1 | Dec 18, 2024 | iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. |
| CVE-2016-4303 | Cri | 9.8 | | < 3.1.3-1.3 | 3.1.3-1.3 | Sep 26, 2016 | The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow. |