iperf3 uses the length to determine the size of a dynamically allocated memory buffer in which to store the incoming message. If the length equals 0xffffffff, an integer overflow can be triggered in the receiving iperf3 process (typically the server), which can in turn cause heap corruption and an abort/crash. While this is unlikely to happen during normal iperf3 operation, a suitably crafted client program could send a sequence of bytes on the iperf3 control channel to cause an iperf3 server to crash.
Reference:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040830
https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc
https://github.com/esnet/iperf/issues/1542
https://github.com/esnet/iperf/pull/1543
https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 (3.14)
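The length-prefix hazard described above, as an added illustration that is not iperf3's own code or its fix: a length validator that bounds the 32-bit prefix before the +1 for the NUL terminator can wrap, beside a reader over an in-memory stand-in for the control channel. MAX_CTRL_MSG_LEN, the function names and the sample bytes are assumptions constructed for this example.

```c
#include <stdint.h>
#include <stdlib.h>
#include <string.h>
#include <stdio.h>
#include <arpa/inet.h>  /* ntohl/htonl */

/* Constructed cap for this example, not a limit taken from iperf3. */
#define MAX_CTRL_MSG_LEN (16u * 1024u * 1024u)

/* Validate a big-endian 32-bit length prefix before it sizes a buffer.
 * Hazard: (uint32_t)len + 1 for the terminator wraps to 0 when
 * len == 0xffffffff, pairing a zero-sized buffer with a ~4 GiB read.
 * Bounding the raw length first makes the wrap impossible.
 * Returns 0 and sets *out to len + 1 on success, -1 on rejection. */
int validate_ctrl_len(uint32_t wire_len, size_t *out)
{
    uint32_t len = ntohl(wire_len);
    if (len > MAX_CTRL_MSG_LEN)
        return -1;                  /* rejects 0xffffffff outright */
    *out = (size_t)len + 1;         /* cannot overflow: len is capped */
    return 0;
}

/* Parse one length-prefixed message from an in-memory byte stream.
 * Returns a freshly allocated NUL-terminated copy of the body, or NULL
 * if the prefix is rejected or the body is not fully present. */
char *read_ctrl_msg(const uint8_t *buf, size_t buflen)
{
    uint32_t wire_len;
    size_t need;
    if (buflen < sizeof wire_len)
        return NULL;
    memcpy(&wire_len, buf, sizeof wire_len);
    if (validate_ctrl_len(wire_len, &need) != 0)
        return NULL;
    if (buflen - sizeof wire_len < need - 1)  /* body must be present */
        return NULL;
    char *msg = calloc(need, 1);
    if (msg == NULL)
        return NULL;
    memcpy(msg, buf + sizeof wire_len, need - 1);
    return msg;
}

int main(void)
{
    /* Constructed inputs: length 5 + "hello", and a bare 0xffffffff prefix. */
    const uint8_t good[] = { 0, 0, 0, 5, 'h', 'e', 'l', 'l', 'o' };
    const uint8_t bad[]  = { 0xff, 0xff, 0xff, 0xff };
    char *m = read_ctrl_msg(good, sizeof good);
    printf("good: %s\n", m ? m : "(rejected)");
    free(m);
    printf("bad: %s\n", read_ctrl_msg(bad, sizeof bad) ? "accepted" : "(rejected)");
    return 0;
}
```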
Created iperf3 tracking bugs for this issue: Affects: fedora-all [bug 2223495]
This issue has been addressed in the following products: Red Hat Enterprise Linux 7 Via RHSA-2023:4326 https://access.redhat.com/errata/RHSA-2023:4326
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.1 Update Services for SAP Solutions Via RHSA-2023:4416 https://access.redhat.com/errata/RHSA-2023:4416
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.6 Extended Update Support Via RHSA-2023:4414 https://access.redhat.com/errata/RHSA-2023:4414
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.2 Advanced Update Support; Red Hat Enterprise Linux 8.2 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.2 Telecommunications Update Service Via RHSA-2023:4415 https://access.redhat.com/errata/RHSA-2023:4415
This issue has been addressed in the following products: Red Hat Enterprise Linux 9.0 Extended Update Support Via RHSA-2023:4431 https://access.redhat.com/errata/RHSA-2023:4431
This issue has been addressed in the following products: Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support; Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions; Red Hat Enterprise Linux 8.4 Telecommunications Update Service Via RHSA-2023:4432 https://access.redhat.com/errata/RHSA-2023:4432
This issue has been addressed in the following products: Red Hat Enterprise Linux 9 Via RHSA-2023:4571 https://access.redhat.com/errata/RHSA-2023:4571
This issue has been addressed in the following products: Red Hat Enterprise Linux 8 Via RHSA-2023:4570 https://access.redhat.com/errata/RHSA-2023:4570
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s): https://access.redhat.com/security/cve/cve-2023-38403