Bugzilla – Bug 1213430
VUL-0: CVE-2023-38403: iperf: integer overflow leading to heap buffer overflow
Last modified: 2023-09-26 12:30:03 UTC
CVE-2023-38403 iperf3 uses the length to determine the size of a dynamically allocated memory buffer in which to store the incoming message. If the length equals 0xffffffff, an integer overflow can be triggered in the receiving iperf3 process (typically the server), which can in turn cause heap corruption and an abort/crash. While this is unlikely to happen during normal iperf3 operation, a suitably crafted client program could send a sequence of bytes on the iperf3 control channel to cause an iperf3 server to crash. Upstream fix: https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 Reference: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040830 http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-38403 https://bugzilla.redhat.com/show_bug.cgi?id=2222204 https://www.cve.org/CVERecord?id=CVE-2023-38403 https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040830 https://cwe.mitre.org/data/definitions/130.html https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9 https://github.com/esnet/iperf/issues/1542
There is no maintainer for iperf. @Michal, I assigned the bug to you since you are the last one who updated iperf (in 2018...). Feel free to reassign to someone else if you think there is a better fit. Affected: - SUSE:SLE-15:Update - openSUSE:Factory
iperf is more or less actively maintained in OBS: https://build.opensuse.org/package/show/network:utilities/iperf Perhaps someone can just take the latest version and submit as a MU to 15.4/15.5/Factory?
(In reply to Michal Svec from comment #4) > iperf is more or less actively maintained in OBS: > https://build.opensuse.org/package/show/network:utilities/iperf > > Perhaps someone can just take the latest version and submit as > a MU to 15.4/15.5/Factory? I submitted the security backport separately. version update requires an ECO. the immediate need is solved. we can do a version update however. would you be able to create the ECO and push that through the approvals?
Since iperf is only in PH, it's enough to submit to Leap 15.4/15.5 and PH will inherit it automatically (and no ECO is needed).
SUSE-SU-2023:2987-1: An update that solves one vulnerability can now be installed. Category: security (important) Bug References: 1213430 CVE References: CVE-2023-38403 Sources used: openSUSE Leap 15.4 (src): iperf-3.5-150000.3.3.1 openSUSE Leap 15.5 (src): iperf-3.5-150000.3.3.1 SUSE Package Hub 15 15-SP4 (src): iperf-3.5-150000.3.3.1 SUSE Package Hub 15 15-SP5 (src): iperf-3.5-150000.3.3.1 SUSE Enterprise Storage 7.1 (src): iperf-3.5-150000.3.3.1 SUSE Enterprise Storage 7 (src): iperf-3.5-150000.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.