Description
In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
A flaw was found in iperf3. The recv function in net.c exhibits a buffer overflow when the --skip-rx-copy option is used with MSG_TRUNC, allowing a network attacker to trigger the overflow. This vulnerability allows an attacker to send a specially crafted message. The resulting buffer overflow may lead to an application-level denial of service.
Report
This vulnerability was introduced with the option --skip-rx-copy, which was added after version 3.17.1. We currently have an older version of the code in Red Hat Enterprise Linux (RHEL). No Red Hat products or offerings are affected by this vulnerability. This vulnerability is marked as Important instead of a Moderate flaw due to the nature of the bug and the execution context. The flaw lies in the mishandling of buffer boundaries when the MSG_TRUNC flag is used in conjunction with the --skip-rx-copy option, leading to a classical buffer overflow. Unlike typical logic or input validation bugs that may merely crash an application, buffer overflows directly corrupt memory, potentially allowing arbitrary code execution depending on memory layout and platform-specific mitigations. Since iperf3 is often used in automated performance testing setups, CI pipelines, or even embedded environments, attackers could exploit this vulnerability remotely by sending crafted UDP packets, leading to memory corruption without any authentication. The use of MSG_TRUNC and skipped copy operations already places the application in a performance-optimized but less safe path, and the lack of proper bounds checking under these conditions makes it a memory safety issue—a class of bugs known to be exploitable and impactful.
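The bounds issue described above rests on a documented Linux behaviour: on a datagram socket, `recv()` with MSG_TRUNC returns the full length of the datagram even when it is larger than the buffer passed in. The following is an added example, not iperf3's code and not part of the advisory; `recv_clamped`, `demo`, `struct rx_result` and the 16-byte buffer are hypothetical names and values, and an AF_UNIX datagram socketpair stands in for a UDP socket so the program runs offline on Linux.

```c
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/types.h>
#include <unistd.h>

#define RX_BUF_SIZE 16          /* constructed: deliberately small buffer */

struct rx_result {
    ssize_t reported;           /* recv() return value: full datagram length */
    size_t  usable;             /* bytes that are really in the buffer */
    int     truncated;          /* 1 if the datagram exceeded the buffer */
};

/* Receive one datagram with MSG_TRUNC and clamp the length to the buffer,
 * so later code never indexes or advances past `cap`. */
static int recv_clamped(int fd, char *buf, size_t cap, struct rx_result *out)
{
    ssize_t n = recv(fd, buf, cap, MSG_TRUNC);
    if (n < 0)
        return -1;
    out->reported  = n;
    out->truncated = (size_t)n > cap;
    out->usable    = out->truncated ? cap : (size_t)n;
    return 0;
}

/* Send a constructed datagram of `len` bytes, receive it into 16 bytes. */
static int demo(size_t len, struct rx_result *out)
{
    int sv[2], rc = -1;
    char payload[64], buf[RX_BUF_SIZE];

    if (len > sizeof(payload) || socketpair(AF_UNIX, SOCK_DGRAM, 0, sv) != 0)
        return -1;
    memset(payload, 'A', sizeof(payload));
    if (send(sv[0], payload, len, 0) == (ssize_t)len)
        rc = recv_clamped(sv[1], buf, sizeof(buf), out);
    close(sv[0]);
    close(sv[1]);
    return rc;
}

int main(void)
{
    struct rx_result r;
    if (demo(40, &r) != 0)
        return 1;
    printf("reported=%zd usable=%zu truncated=%d\n", r.reported, r.usable, r.truncated);
    return 0;
}
```

Code that treats `reported` as the number of bytes in the buffer, or adds it to a write offset, steps outside the allocation; only `usable` is safe for that purpose.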
Mitigation
No mitigation is currently available that meets Red Hat Product Security’s standards for usability, deployment, applicability, or stability.
Affected packages
Platform | Package | State | Advisory | Release |
---|---|---|---|---|
Red Hat Enterprise Linux 10 | iperf3 | Not affected | | |
Red Hat Enterprise Linux 7 | iperf3 | Not affected | | |
Red Hat Enterprise Linux 8 | iperf3 | Not affected | | |
Red Hat Enterprise Linux 9 | iperf3 | Not affected | | |
Additional information
Status:
EPSS
8.9 High
CVSS3