Bug 2223676 - CVE-2023-38403 iperf3: memory allocation hazard and crash [rhel-9]
Summary: CVE-2023-38403 iperf3: memory allocation hazard and crash [rhel-9]
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Red Hat Enterprise Linux 9
Classification: Red Hat
Component: iperf3
Version: CentOS Stream
Hardware: Unspecified
OS: Unspecified
unspecified
medium
Target Milestone: rc
: ---
Assignee: Michal Ruprich
QA Contact: František Hrdina
URL:
Whiteboard:
Depends On:
Blocks: CVE-2023-38403
TreeView+ depends on / blocked
 
Reported: 2023-07-18 13:47 UTC by Jonathan Wright
Modified: 2023-08-11 13:17 UTC (History)
6 users (show)

Fixed In Version: iperf3-3.9-11.el9
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2023-08-11 13:17:12 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RHELPLAN-162604 0 None None None 2023-07-18 13:49:23 UTC

Description Jonathan Wright 2023-07-18 13:47:55 UTC 
More information about this security flaw is available in the following bug:

http://bugzilla.redhat.com/show_bug.cgi?id=2222204
Comment 1 Jonathan Wright 2023-07-18 14:22:21 UTC 
https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/merge_requests/4
Comment 4 Michal Ruprich 2023-08-09 14:26:56 UTC 
Fix in git, moving to MODIFIED.

git: https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/commit/3b2f893b4a102a3834c355ee8d29bb5a6c584073

build: https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=36160
Comment 8 Michal Ruprich 2023-08-11 13:17:12 UTC 
This issue is now fixed in the CentOS Stream by this build:

https://kojihub.stream.rdu2.redhat.com/koji/buildinfo?buildID=36160

The git commit can be found here:

https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/commit/3b2f893b4a102a3834c355ee8d29bb5a6c584073

Feel free to reopen the bug if you feel that this needs more attention.
Note You need to log in before you can comment on or make changes to this bug.