iperf (SUSE:Enterprise Storage 7.1) — known CVEs & security advisories
Known CVE vulnerabilities and GitHub Security Advisories affecting the SUSE:Enterprise Storage 7.1 package iperf, with affected version ranges, CVSS severity, EPSS exploit prediction, and CISA KEV status.
CVEs (6)
CVE-2025-54351 — CVSS 8.9 (high): In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
CVE-2023-38403 — CVSS 7.5 (high): iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVE-2024-53580 — CVSS 7.5 (high): iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
CVE-2025-54349 — CVSS 6.5 (medium): In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
CVE-2024-26306 — CVSS 5.9 (medium): iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption…
CVE-2025-54350 — CVSS 3.7 (low): In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.