exploitDog

CVE-2024-53580

Published: Dec 18, 2024
Source: redhat
CVSS3: 7.5
EPSS: Low

Description

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.

A flaw was found in iperf. This vulnerability allows a Denial of Service (DoS) via the injection of malformed JSON data, which can result in a segmentation fault when a NULL pointer is passed to strdup().

Report

This vulnerability is marked as Important severity rather than Moderate due to its potential to cause a complete denial of service (DoS) by exploiting a segmentation fault through malformed JSON data. The flaw stems from improper input validation, which allows attackers to crash the server by sending invalid data that triggers memory mismanagement. Since iperf is widely used in performance testing of network systems, a DoS attack could disrupt critical operations in production environments, leading to service outages or performance degradation in large-scale networks.

Mitigation

Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability.

Additional information

Status: Important
Weakness: CWE-476
Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2333146 (iperf: Denial of Service in iperf Due to Improper JSON Handling)

EPSS

Percentile: 48%
0.00248
Low

CVSS3: 7.5 High

Related vulnerabilities

CVSS3: 7.5
ubuntu
8 months ago

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.

CVSS3: 7.5
nvd
8 months ago

iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.

CVSS3: 7.5
msrc
7 months ago

No description available

CVSS3: 7.5
debian
8 months ago

iperf v3.17.1 was discovered to contain a segmentation violation via t ...

suse-cvrf
6 months ago

Security update for iperf
