Every CVE whose affected-product data names Es Iperf3, ordered by CVSS severity, with EPSS exploit prediction and CISA KEV status.
CVEs (8)
CVE-2016-4303 — CVSS 9.8 (critical): The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of…
CVE-2025-54351 — CVSS 8.9 (high): In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).
CVE-2024-53580 — CVSS 7.5 (high): iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
CVE-2023-38403 — CVSS 7.5 (high): iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.
CVE-2025-54349 — CVSS 6.5 (medium): In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
CVE-2024-26306 — CVSS 5.9 (medium): iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption…
CVE-2023-7250 — CVSS 5.3 (medium): A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can…
CVE-2025-54350 — CVSS 3.7 (low): In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.