CVE-2023-38403

iperf3: memory allocation hazard and crash

Severity Score

7.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Attend

*SSVC

Descriptions

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

An integer overflow flaw was found in the way iperf3 dynamically allocates memory buffers for JSON-formatted messages. A remote attacker could send a specially crafted sequence of bytes on the iperf3 control channel with a specified JSON message length of 0xffffffff to trigger an integer overflow leading the receiving process to abort due to heap corruption. This flaw allows an attacker to use a malicious client to cause a denial of service of an iperf3 server or potentially use a malicious server to cause connecting clients to crash.

It was discovered that iperf3 did not properly manage certain inputs, which could lead to a crash. A remote attacker could possibly use this issue to cause a denial of service. Jorge Sancho Larraz discovered that iperf3 did not properly manage certain inputs, which could cause the server process to stop responding, waiting for input on the control connection. A remote attacker could possibly use this issue to cause a denial of service.

*Credits: N/A

Attack Vector

Network

Attack Complexity

Low

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

None

Availability

High

Attack Vector

Network

Attack Complexity

Low

Authentication

None

Confidentiality

None

Integrity

None

Availability

Complete

* Common Vulnerability Scoring System

SSVC

Decision:Attend

Exploitation

None

Automatable

Yes

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2023-07-17 CVE Reserved
2023-07-17 CVE Published
2024-11-27 CVE Updated
2025-03-30 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-190: Integer Overflow or Wraparound

CAPEC

References (15)

URL	Tag	Source
http://seclists.org/fulldisclosure/2023/Oct/24	Mailing List
http://seclists.org/fulldisclosure/2023/Oct/26	Mailing List
https://bugs.debian.org/1040830	Third Party Advisory
https://cwe.mitre.org/data/definitions/130.html	Third Party Advisory
https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html	Mailing List
https://security.netapp.com/advisory/ntap-20230818-0016	Third Party Advisory
https://support.apple.com/kb/HT213984	Release Notes
https://support.apple.com/kb/HT213985	Release Notes

URL	Date	SRC

URL	Date	SRC
https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9	2024-01-09

URL	Date	SRC
https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc	2024-01-09
https://github.com/esnet/iperf/issues/1542	2024-01-09
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7	2024-01-09
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV	2024-01-09
https://access.redhat.com/security/cve/CVE-2023-38403	2023-08-08
https://bugzilla.redhat.com/show_bug.cgi?id=2222204	2023-08-08

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Es Search vendor "Es"	Iperf3 Search vendor "Es" for product "Iperf3"	< 3.14 Search vendor "Es" for product "Iperf3" and version " < 3.14"	-	Affected	in	Linux Search vendor "Linux"	Linux Kernel Search vendor "Linux" for product "Linux Kernel"	-	-	Safe
Debian Search vendor "Debian"		Debian Linux Search vendor "Debian" for product "Debian Linux"				10.0 Search vendor "Debian" for product "Debian Linux" and version "10.0"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				37 Search vendor "Fedoraproject" for product "Fedora" and version "37"		-		Affected
Fedoraproject Search vendor "Fedoraproject"		Fedora Search vendor "Fedoraproject" for product "Fedora"				38 Search vendor "Fedoraproject" for product "Fedora" and version "38"		-		Affected
Netapp Search vendor "Netapp"		Ontap Select Deploy Administration Utility Search vendor "Netapp" for product "Ontap Select Deploy Administration Utility"				-		-		Affected
Netapp Search vendor "Netapp"		Clustered Data Ontap Search vendor "Netapp" for product "Clustered Data Ontap"				9.0 Search vendor "Netapp" for product "Clustered Data Ontap" and version "9.0"		-		Affected
Apple Search vendor "Apple"		Macos Search vendor "Apple" for product "Macos"				< 13.6.1 Search vendor "Apple" for product "Macos" and version " < 13.6.1"		-		Affected
Apple Search vendor "Apple"		Macos Search vendor "Apple" for product "Macos"				14.0 Search vendor "Apple" for product "Macos" and version "14.0"		-		Affected