Bug 2223676

Summary: CVE-2023-38403 iperf3: memory allocation hazard and crash [rhel-9]
Product: Red Hat Enterprise Linux 9 Reporter: Jonathan Wright <jonathan>
Component: iperf3 Assignee: Michal Ruprich <mruprich>
Status: CLOSED CURRENTRELEASE QA Contact: František Hrdina <fhrdina>
Severity: medium Docs Contact:
Priority: unspecified    
Version: CentOS Stream CC: bstinson, carl, fhrdina, jwboyer, mcascell, ngompa13
Target Milestone: rc Keywords: AutoVerified, Triaged
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: iperf3-3.9-11.el9 Doc Type: If docs needed, set a value
Last Closed: 2023-08-11 13:17:12 UTC Type: Bug
Bug Blocks: 2222204    

Description Jonathan Wright 2023-07-18 13:47:55 UTC
More information about this security flaw is available in the following bug:

http://bugzilla.redhat.com/show_bug.cgi?id=2222204

Comment 8 Michal Ruprich 2023-08-11 13:17:12 UTC
This issue is now fixed in the CentOS Stream by this build:

https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=36160

The git commit can be found here:

https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/commit/3b2f893b4a102a3834c355ee8d29bb5a6c584073

Feel free to reopen the bug if you feel that this needs more attention.