PT-2023-3693 · Iperf3+9

Inooo

Published: 2023-07-06 · Updated: 2025-08-11 · CVE-2023-38403

CVSS v2.0: 7.8 (High)

Vector: AV:N/AC:L/Au:N/C:N/I:N/A:C

Name of the Vulnerable Software and Affected Versions

iperf3 versions prior to 3.14

Description

The issue is an integer overflow in the handling of field lengths, which a remote attacker can exploit to cause a denial of service. A crafted length field can lead to heap corruption.

Recommendations

For versions prior to 3.14, update to version 3.14 or later to resolve the issue. As a temporary workaround, consider restricting access to the iperf3 tool until a patch is applied.

Fix

DoS

Integer Overflow


Weakness Enumeration

Related Identifiers

ALSA-2023:4570
ALSA-2023:4571
AZL-27672
BDU:2023-03980
CESA-2023_4326
CESA-2023_4570
CVE-2023-38403
DLA-3506-1
DSA-5455-1
MGASA-2023-0271
OESA-2023-1497
OPENSUSE-SU-2023_2987-1
OPENSUSE-SU-2024:13060-1
RHSA-2023:4326
RHSA-2023:4414
RHSA-2023:4415
RHSA-2023:4416
RHSA-2023:4431
RHSA-2023:4432
RHSA-2023:4570
RHSA-2023:4571
RHSA-2023_4326
RHSA-2023_4570
RHSA-2023_4571
RLSA-2023:4570
RLSA-2023:4571
SUSE-SU-2023:2987-1
SUSE-SU-2023:3887-1
USN-6431-1
USN-6431-2
USN-6431-3

Affected Products

Almalinux
Centos
Linuxmint
Apple Macos
Red Hat
Red Os
Rocky Linux
Suse
Ubuntu
Iperf3