CVE-2023-38403
published 2023-07-17CVE-2023-38403: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
high7.5CVSS 3.1
AVNACLPRNUINSUCNINAH
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
Affected
21 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| apple | macos | < 13.6.1 | 13.6.1 |
| apple | macos | — | — |
| apple | macos_sonoma | — | — |
| apple | macos_ventura | — | — |
| debian | debian_linux | — | — |
| debian | iperf3 | < iperf3 3.12-1+deb12u1 (bookworm) | iperf3 3.12-1+deb12u1 (bookworm) |
| es | iperf3 | < 3.14 | 3.14 |
| es | iperf3 | >= 0 < 3.9-1+deb11u1 | 3.9-1+deb11u1 |
| es | iperf3 | >= 0 < 3.12-1+deb12u1 | 3.12-1+deb12u1 |
| es | iperf3 | >= 0 < 3.14-1 | 3.14-1 |
| es | iperf3 | >= 0 < 3.14-1 | 3.14-1 |
| es | iperf3 | >= 0 < 3.9-1+deb11u1build0.22.04.1 | 3.9-1+deb11u1build0.22.04.1 |
| es | iperf3 | >= 0 < 3.0.11-1ubuntu0.1~esm2 | 3.0.11-1ubuntu0.1~esm2 |
| es | iperf3 | >= 0 < 3.1.3-1ubuntu0.1~esm1 | 3.1.3-1ubuntu0.1~esm1 |
| es | iperf3 | >= 0 < 3.7-3ubuntu0.1~esm1 | 3.7-3ubuntu0.1~esm1 |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| msrc | cbl2_iperf3_3.14-1_on_cbl_mariner_2.0 | — | — |
| msrc | cbl_mariner_2.0_arm | — | — |
| msrc | cbl_mariner_2.0_x64 | — | — |
| netapp | clustered_data_ontap | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H
osv7.5HIGH