iperf3 (AlmaLinux:9) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the AlmaLinux:9 package iperf3, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (5)
CVE-2023-38403 — CVSS 7.5 (high): iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVE-2024-53580 — CVSS 7.5 (high): iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
CVE-2025-54349 — CVSS 6.5 (medium): In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
CVE-2024-26306 — CVSS 5.9 (medium): iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption…
CVE-2023-7250 — CVSS 5.3 (medium): A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can…