Bug 2244707 (CVE-2023-7250, ESNET-SECADV-2023-0002) - CVE-2023-7250 iperf3: possible denial of service
Summary: CVE-2023-7250 iperf3: possible denial of service
Keywords:
Status: NEW
Alias: CVE-2023-7250, ESNET-SECADV-2023-0002
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Priority: medium
Severity: medium
Target Milestone: ---
Assignee: Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2244708
Blocks: 2244706
Reported: 2023-10-17 21:57 UTC by Robb Gatica
Modified: 2024-03-18 12:02 UTC (History)

Fixed In Version: iperf-3.15
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
Clone Of:
Environment:
Last Closed:
Embargoed:



Description Robb Gatica 2023-10-17 21:57:14 UTC
Reference: http://localhost:5600/static/?#/asm_ticket/102084

Original advisory details: Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service. (LP: #2038654)

Comment 1 Robb Gatica 2023-10-17 21:57:30 UTC
Created iperf3 tracking bugs for this issue:

Affects: fedora-all [bug 2244708]

