Skip to main content

Iperf3

7 CVEs product

Monthly

CVE-2025-54351 HIGH PATCH This Month

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Iperf3 Red Hat Suse
NVD GitHub
CVSS 3.1
8.9
EPSS
0.0%
CVE-2025-54350 LOW PATCH Monitor

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Iperf3
NVD GitHub
CVSS 3.1
3.7
EPSS
0.0%
CVE-2025-54349 MEDIUM PATCH This Month

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Iperf3 Red Hat Suse
NVD GitHub
CVSS 3.1
6.5
EPSS
0.0%
CVE-2024-53580 HIGH POC This Week

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Iperf3 Ontap 9 Hci Compute Node
NVD GitHub
CVSS 3.1
7.5
EPSS
0.9%
CVE-2024-26306 MEDIUM This Month

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure OpenSSL Iperf3 Bootstrap Os
NVD GitHub
CVSS 3.1
5.9
EPSS
1.1%
CVE-2023-38403 HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 Debian Linux Fedora +3
NVD GitHub
CVSS 3.1
7.5
EPSS
1.7%
CVE-2016-4303 CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow Iperf3 Suse Package Hub For Suse Linux Enterprise +3
NVD GitHub
CVSS 3.1
9.8
EPSS
5.7%
EPSS 0% CVSS 8.9
HIGH PATCH This Month

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv). Rated high severity (CVSS 8.9), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Iperf3 Red Hat +1
NVD GitHub
EPSS 0% CVSS 3.7
LOW PATCH Monitor

In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt. Rated low severity (CVSS 3.7), this vulnerability is remotely exploitable, no authentication required.

Denial Of Service Iperf3
NVD GitHub
EPSS 0% CVSS 6.5
MEDIUM PATCH This Month

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow. Rated medium severity (CVSS 6.5), this vulnerability is remotely exploitable, no authentication required.

Buffer Overflow Iperf3 Red Hat +1
NVD GitHub
EPSS 1% CVSS 7.5
HIGH POC This Week

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.

Null Pointer Dereference Denial Of Service Iperf3 +2
NVD GitHub
EPSS 1% CVSS 5.9
MEDIUM This Month

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. Rated medium severity (CVSS 5.9), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure OpenSSL Iperf3 +1
NVD GitHub
EPSS 2% CVSS 7.5
HIGH PATCH This Week

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. Rated high severity (CVSS 7.5), this vulnerability is remotely exploitable, no authentication required, low attack complexity.

Integer Overflow Buffer Overflow Iperf3 +5
NVD GitHub
EPSS 6% CVSS 9.8
CRITICAL POC PATCH Act Now

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available.

Denial Of Service RCE Buffer Overflow +5
NVD GitHub

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy