CVE-2023-38403
HIGH | Platform: macOS
CVE Details
Description
iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVSS 3.1 Score
| Metric | Value |
|---|---|
| Base Score | 7.5 (HIGH) |
| Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H |
Weakness
References
- Apple Security Advisory
- NVD Entry
- http://seclists.org/fulldisclosure/2023/Oct/24 (Mailing List, Third Party Advisory)
- http://seclists.org/fulldisclosure/2023/Oct/26 (Mailing List, Third Party Advisory)
- https://bugs.debian.org/1040830 (Third Party Advisory)
- https://cwe.mitre.org/data/definitions/130.html (Third Party Advisory)
- https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc (Vendor Advisory)
- https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 (Patch)
- https://github.com/esnet/iperf/issues/1542 (Issue Tracking, Vendor Advisory)
- https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html (Mailing List, Third Party Advisory)