CVE-2023-38403

Summary

CVE: CVE-2023-38403
State: PUBLIC
Assigner: [email protected]
Source Priority: CVE Program / NVD first with legacy fallback
Published: 2023-07-17 21:15:00 UTC
Updated: 2023-11-07 04:17:00 UTC
Description: iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

Risk And Classification

Problem Types: CWE-190

NVD Known Affected Configurations (CPE 2.3)

Type | Vendor | Product | Version | Update | Edition | Language
Operating System | Debian | Debian Linux | 10.0 | All | All | All
Application | Es | Iperf3 | All | All | All | All
Operating System | Fedoraproject | Fedora | 37 | All | All | All
Operating System | Fedoraproject | Fedora | 38 | All | All | All
Operating System | Linux | Linux Kernel | - | All | All | All

References

Reference | Source | Link | Tags
Fix memory allocation hazard (#1542). (#1543) · esnet/iperf@0ef1515 · GitHub | MISC | github.com |
Full Disclosure: APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1 | FULLDISC | seclists.org |
Full Disclosure: APPLE-SA-10-25-2023-4 macOS Sonoma 14.1 | FULLDISC | seclists.org |
[SECURITY] [DLA 3506-1] iperf3 security update | MLIST | lists.debian.org |
[SECURITY] Fedora 37 Update: iperf3-3.14-1.fc37 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
DoS on sending invalid length in iperf_api.c+2684 · Issue #1542 · esnet/iperf · GitHub | MISC | github.com |
CVE-2023-38403 Debian Vulnerability in NetApp Products | NetApp Product Security | CONFIRM | security.netapp.com |
#1040830 - ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and crash - Debian Bug report logs | MISC | bugs.debian.org |
About the security content of macOS Ventura 13.6.1 - Apple Support | CONFIRM | support.apple.com |
About the security content of macOS Sonoma 14.1 - Apple Support | CONFIRM | support.apple.com |
CWE - CWE-130: Improper Handling of Length Parameter Inconsistency (4.11) | MISC | cwe.mitre.org |
[SECURITY] Fedora 38 Update: iperf3-3.14-1.fc38 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
[SECURITY] Fedora 38 Update: iperf3-3.14-1.fc38 - package-announce - Fedora Mailing-Lists | | lists.fedoraproject.org |
downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc | MISC | downloads.es.net |
[SECURITY] Fedora 37 Update: iperf3-3.14-1.fc37 - package-announce - Fedora Mailing-Lists | FEDORA | lists.fedoraproject.org |
CVE Program record | CVE.ORG | www.cve.org | canonical
NVD vulnerability detail | NVD | nvd.nist.gov | canonical, analysis

Legacy QID Mappings

  • 160817 Oracle Enterprise Linux Security Update for iperf3 (ELSA-2023-4326)
  • 160863 Oracle Enterprise Linux Security Update for iperf3 (ELSA-2023-4570)
  • 160864 Oracle Enterprise Linux Security Update for iperf3 (ELSA-2023-4571)
  • 199828 Ubuntu Security Notification for iperf3 Vulnerabilities (USN-6431-1)
  • 199829 Ubuntu Security Notification for iperf3 Vulnerability (USN-6431-2)
  • 241867 Red Hat Update for iperf3 (RHSA-2023:4326)
  • 241891 Red Hat Update for iperf3 (RHSA-2023:4416)
  • 241892 Red Hat Update for iperf3 (RHSA-2023:4415)
  • 241898 Red Hat Update for iperf3 (RHSA-2023:4414)
  • 241901 Red Hat Update for iperf3 (RHSA-2023:4431)
  • 241902 Red Hat Update for iperf3 (RHSA-2023:4432)
  • 241938 Red Hat Update for iperf3 (RHSA-2023:4571)
  • 241940 Red Hat Update for iperf3 (RHSA-2023:4570)
  • 257250 CentOS Security Update for iperf3
  • 257288 CentOS Security Update for iperf3 (CESA-2023:4326)
  • 284356 Fedora Security Update for iperf3 (FEDORA-2023-5f3b4c0b97)
  • 284357 Fedora Security Update for iperf3 (FEDORA-2023-04243a1845)
  • 296103 Oracle Solaris 11.4 Support Repository Update (SRU) 61.151.2 Missing (CPUJUL2023)
  • 355682 Amazon Linux Security Advisory for iperf3 : ALAS2-2023-2153
  • 355799 Amazon Linux Security Advisory for iperf3 : ALAS2023-2023-274
  • 378759 Alibaba Cloud Linux Security Update for iperf3 (ALINUX2-SA-2023:0032)
  • 378970 Apple macOS Ventura 13.6.1 Not Installed (HT213985)
  • 378975 Apple MacOS Sonoma 14.1 Not Installed (HT213984)
  • 503043 Alpine Linux Security Update for iperf3
  • 503047 Alpine Linux Security Update for iperf3
  • 503050 Alpine Linux Security Update for iperf3
  • 6000047 Debian Security Update for iperf3 (DLA 3506-1)
  • 6000199 Debian Security Update for iperf3 (DSA 5455-1)
  • 907187 Common Base Linux Mariner (CBL-Mariner) Security Update for iperf3 (27672-1)
  • 941215 AlmaLinux Security Update for iperf3 (ALSA-2023:4571)
  • 941223 AlmaLinux Security Update for iperf3 (ALSA-2023:4570)