FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

iperf3 -- buffer overflow

Affected packages
3.1 <= iperf3 < 3.1.3
3.0 <= iperf3 < 3.0.12


VuXML ID d6bbf2d8-2cfc-11e6-800b-080027468580
Discovery 2016-06-08
Entry 2016-06-08

ESnet reports:

A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash (and a denial of service), or theoretically a remote code execution as the user running the iperf3 server. A malicious iperf3 server could potentially mount a similar attack on an iperf3 client.


CVE Name CVE-2016-4303