rpm package
suse/iperf&distro=SUSE Enterprise Storage 7.1
pkg:rpm/suse/iperf&distro=SUSE%20Enterprise%20Storage%207.1
Vulnerabilities (6)
| CVE | Sev | CVSS | KEV | Affected versions | Fixed in | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-54351 | — | < 3.19.1-150000.3.15.1 | 3.19.1-150000.3.15.1 | Aug 3, 2025 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). | ||
| CVE-2025-54350 | — | < 3.19.1-150000.3.15.1 | 3.19.1-150000.3.15.1 | Aug 3, 2025 | In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. | ||
| CVE-2025-54349 | — | < 3.19.1-150000.3.15.1 | 3.19.1-150000.3.15.1 | Aug 3, 2025 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. | ||
| CVE-2024-53580 | — | < 3.18-150000.3.12.1 | 3.18-150000.3.12.1 | Dec 18, 2024 | iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. | ||
| CVE-2024-26306 | — | < 3.17.1-150000.3.9.1 | 3.17.1-150000.3.9.1 | May 13, 2024 | iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large | ||
| CVE-2023-38403 | — | < 3.5-150000.3.3.1 | 3.5-150000.3.3.1 | Jul 17, 2023 | iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. |
- CVE-2025-54351Aug 3, 2025affected < 3.19.1-150000.3.15.1fixed 3.19.1-150000.3.15.1
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
- CVE-2025-54350Aug 3, 2025affected < 3.19.1-150000.3.15.1fixed 3.19.1-150000.3.15.1
In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.
- CVE-2025-54349Aug 3, 2025affected < 3.19.1-150000.3.15.1fixed 3.19.1-150000.3.15.1
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
- CVE-2024-53580Dec 18, 2024affected < 3.18-150000.3.12.1fixed 3.18-150000.3.12.1
iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
- CVE-2024-26306May 13, 2024affected < 3.17.1-150000.3.9.1fixed 3.17.1-150000.3.9.1
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large
- CVE-2023-38403Jul 17, 2023affected < 3.5-150000.3.3.1fixed 3.5-150000.3.3.1
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.