CVE-2023-38403 – iperf3: memory allocation hazard and crash

https://notcve.org/view.php?id=CVE-2023-38403

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field. An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash. • http://seclists.org/fulldisclosure/2023/Oct/24 http://seclists.org/fulldisclosure/2023/Oct/26 https://bugs.debian.org/1040830 https://cwe.mitre.org/data/definitions/130.html https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 https://github.com/esnet/iperf/issues/1542 https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html https://lists.fedoraproject.org/archives/list/package-announce% • CWE-190: Integer Overflow or Wraparound •