{"api_version":"1","generated_at":"2026-04-22T23:31:10+00:00","cve":"CVE-2023-38403","urls":{"html":"https://cve.report/CVE-2023-38403","api":"https://cve.report/api/cve/CVE-2023-38403.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2023-38403","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2023-38403"},"summary":{"title":"CVE-2023-38403","description":"iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.","state":"PUBLIC","assigner":"cve@mitre.org","published_at":"2023-07-17 21:15:00","updated_at":"2023-11-07 04:17:00"},"problem_types":["CWE-190"],"metrics":[],"references":[{"url":"https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9","name":"https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9","refsource":"MISC","tags":[],"title":"Fix memory allocation hazard (#1542). (#1543) · esnet/iperf@0ef1515 · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/26","name":"20231025 APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"http://seclists.org/fulldisclosure/2023/Oct/24","name":"20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1","refsource":"FULLDISC","tags":[],"title":"Full Disclosure: APPLE-SA-10-25-2023-4 macOS Sonoma 14.1","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html","name":"[debian-lts-announce] 20230725 [SECURITY] [DLA 3506-1] iperf3 security update","refsource":"MLIST","tags":[],"title":"[SECURITY] [DLA 3506-1] iperf3 security update","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/","name":"FEDORA-2023-5f3b4c0b97","refsource":"","tags":[],"title":"[SECURITY] Fedora 37 Update: iperf3-3.14-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://github.com/esnet/iperf/issues/1542","name":"https://github.com/esnet/iperf/issues/1542","refsource":"MISC","tags":[],"title":"DoS on sending invalid length in iperf_api.c+2684 · Issue #1542 · esnet/iperf · GitHub","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://security.netapp.com/advisory/ntap-20230818-0016/","name":"https://security.netapp.com/advisory/ntap-20230818-0016/","refsource":"CONFIRM","tags":[],"title":"CVE-2023-38403 Debian Vulnerability in NetApp Products | NetApp Product Security","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://bugs.debian.org/1040830","name":"https://bugs.debian.org/1040830","refsource":"MISC","tags":[],"title":"#1040830 - ESNET-SECADV-2023-0001: iperf3 memory allocation hazard and crash - Debian Bug report logs","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213985","name":"https://support.apple.com/kb/HT213985","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Ventura 13.6.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://support.apple.com/kb/HT213984","name":"https://support.apple.com/kb/HT213984","refsource":"CONFIRM","tags":[],"title":"About the security content of macOS Sonoma 14.1 - Apple Support","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://cwe.mitre.org/data/definitions/130.html","name":"https://cwe.mitre.org/data/definitions/130.html","refsource":"MISC","tags":[],"title":"CWE -\r\n\n\t\tCWE-130: Improper Handling of Length Parameter Inconsistency (4.11)","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/","name":"FEDORA-2023-04243a1845","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 38 Update: iperf3-3.14-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/","name":"FEDORA-2023-04243a1845","refsource":"","tags":[],"title":"[SECURITY] Fedora 38 Update: iperf3-3.14-1.fc38 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"200"},{"url":"https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc","name":"https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc","refsource":"MISC","tags":[],"title":"","mime":"text/plain","httpstatus":"200","archivestatus":"404"},{"url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/","name":"FEDORA-2023-5f3b4c0b97","refsource":"FEDORA","tags":[],"title":"[SECURITY] Fedora 37 Update: iperf3-3.14-1.fc37 - package-announce - Fedora Mailing-Lists","mime":"text/html","httpstatus":"200","archivestatus":"404"},{"url":"https://www.cve.org/CVERecord?id=CVE-2023-38403","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2023-38403","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[],"nvd_cpes":[{"cve_year":"2023","cve_id":"38403","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"debian","cpe5":"debian_linux","cpe6":"10.0","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38403","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"a","cpe4":"es","cpe5":"iperf3","cpe6":"*","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38403","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"37","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38403","vulnerable":"1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"fedoraproject","cpe5":"fedora","cpe6":"38","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"},{"cve_year":"2023","cve_id":"38403","vulnerable":"-1","versionEndIncluding":"","cpe1":"cpe","cpe2":"2.3","cpe3":"o","cpe4":"linux","cpe5":"linux_kernel","cpe6":"-","cpe7":"*","cpe8":"*","cpe9":"*","cpe10":"*","cpe11":"*","cpe12":"*","cpe13":"*"}],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[{"cve":"CVE-2023-38403","qid":"160817","title":"Oracle Enterprise Linux Security Update for iperf3 (ELSA-2023-4326)"},{"cve":"CVE-2023-38403","qid":"160863","title":"Oracle Enterprise Linux Security Update for iperf3 (ELSA-2023-4570)"},{"cve":"CVE-2023-38403","qid":"160864","title":"Oracle Enterprise Linux Security Update for iperf3 (ELSA-2023-4571)"},{"cve":"CVE-2023-38403","qid":"199828","title":"Ubuntu Security Notification for iperf3 Vulnerabilities (USN-6431-1)"},{"cve":"CVE-2023-38403","qid":"199829","title":"Ubuntu Security Notification for iperf3 Vulnerability (USN-6431-2)"},{"cve":"CVE-2023-38403","qid":"241867","title":"Red Hat Update for iperf3 (RHSA-2023:4326)"},{"cve":"CVE-2023-38403","qid":"241891","title":"Red Hat Update for iperf3 (RHSA-2023:4416)"},{"cve":"CVE-2023-38403","qid":"241892","title":"Red Hat Update for iperf3 (RHSA-2023:4415)"},{"cve":"CVE-2023-38403","qid":"241898","title":"Red Hat Update for iperf3 (RHSA-2023:4414)"},{"cve":"CVE-2023-38403","qid":"241901","title":"Red Hat Update for iperf3 (RHSA-2023:4431)"},{"cve":"CVE-2023-38403","qid":"241902","title":"Red Hat Update for iperf3 (RHSA-2023:4432)"},{"cve":"CVE-2023-38403","qid":"241938","title":"Red Hat Update for iperf3 (RHSA-2023:4571)"},{"cve":"CVE-2023-38403","qid":"241940","title":"Red Hat Update for iperf3 (RHSA-2023:4570)"},{"cve":"CVE-2023-38403","qid":"257250","title":"CentOS Security Update for iperf3"},{"cve":"CVE-2023-38403","qid":"257288","title":"CentOS Security Update for iperf3 (CESA-2023:4326)"},{"cve":"CVE-2023-38403","qid":"284356","title":"Fedora Security Update for iperf3 (FEDORA-2023-5f3b4c0b97)"},{"cve":"CVE-2023-38403","qid":"284357","title":"Fedora Security Update for iperf3 (FEDORA-2023-04243a1845)"},{"cve":"CVE-2023-38403","qid":"296103","title":"Oracle Solaris 11.4 Support Repository Update (SRU) 61.151.2 Missing (CPUJUL2023)"},{"cve":"CVE-2023-38403","qid":"355682","title":"Amazon Linux Security Advisory for iperf3 : ALAS2-2023-2153"},{"cve":"CVE-2023-38403","qid":"355799","title":"Amazon Linux Security Advisory for iperf3 : ALAS2023-2023-274"},{"cve":"CVE-2023-38403","qid":"378759","title":"Alibaba Cloud Linux Security Update for iperf3 (ALINUX2-SA-2023:0032)"},{"cve":"CVE-2023-38403","qid":"378970","title":"Apple macOS Ventura 13.6.1 Not Installed (HT213985)"},{"cve":"CVE-2023-38403","qid":"378975","title":"Apple MacOS Sonoma 14.1 Not Installed (HT213984)"},{"cve":"CVE-2023-38403","qid":"503043","title":"Alpine Linux Security Update for iperf3"},{"cve":"CVE-2023-38403","qid":"503047","title":"Alpine Linux Security Update for iperf3"},{"cve":"CVE-2023-38403","qid":"503050","title":"Alpine Linux Security Update for iperf3"},{"cve":"CVE-2023-38403","qid":"6000047","title":"Debian Security Update for iperf3 (DLA 3506-1)"},{"cve":"CVE-2023-38403","qid":"6000199","title":"Debian Security Update for iperf3 (DSA 5455-1)"},{"cve":"CVE-2023-38403","qid":"907187","title":"Common Base Linux Mariner (CBL-Mariner) Security Update for iperf3 (27672-1)"},{"cve":"CVE-2023-38403","qid":"941215","title":"AlmaLinux Security Update for iperf3 (ALSA-2023:4571)"},{"cve":"CVE-2023-38403","qid":"941223","title":"AlmaLinux Security Update for iperf3 (ALSA-2023:4570)"}]},"source_records":{"cve_program":{"CVE_data_meta":{"ASSIGNER":"cve@mitre.org","ID":"CVE-2023-38403","STATE":"PUBLIC"},"affects":{"vendor":{"vendor_data":[{"product":{"product_data":[{"product_name":"n/a","version":{"version_data":[{"version_value":"n/a"}]}}]},"vendor_name":"n/a"}]}},"data_format":"MITRE","data_type":"CVE","data_version":"4.0","description":{"description_data":[{"lang":"eng","value":"iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field."}]},"problemtype":{"problemtype_data":[{"description":[{"lang":"eng","value":"n/a"}]}]},"references":{"reference_data":[{"url":"https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc","refsource":"MISC","name":"https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc"},{"url":"https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9","refsource":"MISC","name":"https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9"},{"url":"https://bugs.debian.org/1040830","refsource":"MISC","name":"https://bugs.debian.org/1040830"},{"url":"https://github.com/esnet/iperf/issues/1542","refsource":"MISC","name":"https://github.com/esnet/iperf/issues/1542"},{"url":"https://cwe.mitre.org/data/definitions/130.html","refsource":"MISC","name":"https://cwe.mitre.org/data/definitions/130.html"},{"refsource":"MLIST","name":"[debian-lts-announce] 20230725 [SECURITY] [DLA 3506-1] iperf3 security update","url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html"},{"refsource":"FEDORA","name":"FEDORA-2023-5f3b4c0b97","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/"},{"refsource":"FEDORA","name":"FEDORA-2023-04243a1845","url":"https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/"},{"refsource":"CONFIRM","name":"https://security.netapp.com/advisory/ntap-20230818-0016/","url":"https://security.netapp.com/advisory/ntap-20230818-0016/"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213984","url":"https://support.apple.com/kb/HT213984"},{"refsource":"CONFIRM","name":"https://support.apple.com/kb/HT213985","url":"https://support.apple.com/kb/HT213985"},{"refsource":"FULLDISC","name":"20231025 APPLE-SA-10-25-2023-4 macOS Sonoma 14.1","url":"http://seclists.org/fulldisclosure/2023/Oct/24"},{"refsource":"FULLDISC","name":"20231025 APPLE-SA-10-25-2023-5 macOS Ventura 13.6.1","url":"http://seclists.org/fulldisclosure/2023/Oct/26"}]}},"nvd":{"publishedDate":"2023-07-17 21:15:00","lastModifiedDate":"2023-11-07 04:17:00","problem_types":["CWE-190"],"metrics":{"baseMetricV3":{"cvssV3":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"NONE","integrityImpact":"NONE","availabilityImpact":"HIGH","baseScore":7.5,"baseSeverity":"HIGH"},"exploitabilityScore":3.9,"impactScore":3.6}},"configurations":{"CVE_data_version":"4.0","nodes":[{"operator":"AND","children":[{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:a:es:iperf3:*:*:*:*:*:*:*:*","versionEndExcluding":"3.14","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":false,"cpe23Uri":"cpe:2.3:o:linux:linux_kernel:-:*:*:*:*:*:*:*","cpe_name":[]}]}],"cpe_match":[]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*","cpe_name":[]}]},{"operator":"OR","children":[],"cpe_match":[{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:37:*:*:*:*:*:*:*","cpe_name":[]},{"vulnerable":true,"cpe23Uri":"cpe:2.3:o:fedoraproject:fedora:38:*:*:*:*:*:*:*","cpe_name":[]}]}]}},"legacy_mitre":{"record":null,"notes":[]}}}