FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

iperf3 -- buffer overflow

Affected packages
3.1 <= iperf3 < 3.1.3
3.0 <= iperf3 < 3.0.12

Details

VuXML ID: d6bbf2d8-2cfc-11e6-800b-080027468580
Discovery: 2016-06-08
Entry: 2016-06-08

ESnet reports:

A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash (and a denial of service), or theoretically a remote code execution as the user running the iperf3 server. A malicious iperf3 server could potentially mount a similar attack on an iperf3 client.

References

CVE Name: CVE-2016-4303
URL: https://raw.githubusercontent.com/esnet/security/master/cve-2016-4303/esnet-secadv-2016-0001.txt.asc