CVE-2023-7250: Permissive List of Allowed Inputs in Iperf3

Severity: 5.3 MEDIUM (NVD)
EPSS: 0.1% (top 83.19%)
CISA KEV: Not in KEV
Exploit: No known exploits
Timeline: Published Mar 18; Latest update Jan 21

Description

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L
Exploitability: 3.9 | Impact: 1.4

Affected Packages (3 packages)

NVD: es/iperf3 < 3.15
Debian: es/iperf3 < 3.9-1+deb11u2+2
Ubuntu: es/iperf3 < 3.9-1+deb11u1ubuntu0.1+3

Also affects: Enterprise Linux 8.0, 9.0

🔴 Vulnerability Details (4)

OSV: iperf3 vulnerabilities (2026-01-21)
CVEList: Iperf3: possible denial of service (2024-03-18)
OSV: CVE-2023-7250: A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP (2024-03-18)
GHSA: GHSA-g636-8hgg-7gx9: A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP (2024-03-18)

📋 Vendor Advisories (4)

Ubuntu: iperf3 vulnerabilities (2026-01-21)
Microsoft: Iperf3: possible denial of service (2024-03-12)
Red Hat: iperf3: possible denial of service (2023-10-16)
Debian: CVE-2023-7250: iperf3 - A flaw was found in iperf, a utility for testing network performance using TCP, ... (2023)
CVE-2023-7250 — Permissive List of Allowed Inputs | cvebase