{"id":"CVE-2025-54349","details":"In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.","modified":"2026-04-16T04:31:11.396740111Z","published":"2025-08-03T02:15:35.597Z","related":["ALSA-2026:1592","ALSA-2026:1595","ALSA-2026:1597","SUSE-SU-2025:02749-1","openSUSE-SU-2025:15414-1"],"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/08/msg00020.html"},{"type":"ADVISORY","url":"https://github.com/esnet/iperf/releases/tag/3.19.1"},{"type":"FIX","url":"https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/esnet/iperf","events":[{"introduced":"88d907f7fb58bfab5d086c5da60c922e1c582c92"},{"fixed":"0fa686ef204229a02dcc21a48823ebd47e60e9a2"},{"fixed":"4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf"}],"database_specific":{"versions":[{"introduced":"3.2"},{"fixed":"3.19.1"}]}}],"versions":["3.10","3.10.1","3.11","3.12","3.13","3.14","3.15","3.16","3.16-beta1","3.17.1","3.18","3.19","3.2","3.3","3.4","3.5","3.6","3.7","3.8","3.8.1","3.9"],"database_specific":{"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54349.json","vanir_signatures":[{"signature_version":"v1","target":{"file":"src/iperf_auth.c","function":"decode_auth_setting"},"source":"https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf","deprecated":false,"signature_type":"Function","digest":{"function_hash":"300693105224932451677532296278498551568","length":1000},"id":"CVE-2025-54349-8664f98f"},{"id":"CVE-2025-54349-981bb842","target":{"file":"src/iperf_auth.c"},"source":"https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf","deprecated":false,"digest":{"threshold":0.9,"line_hashes":["332950769409940220417913478201699367263","157654594138628077940856955559090258566","187919467100155823045499370726851029766","223957954894841644512003384738952265845","244863025665290351341425788860767073159","182356337828233385200068576339721579811","172092972991543735743784022545274176444","157350263339918688582622380972210430226","7658853751889115444961739189297949957","128056188801764755465746505650318453081","122824135669344003315807959737888602728","59835424638630236834535121583658999662","131858152481467350393832885703624622573","214595832873581031380961781472279800329","334311626713398414446147556671844708032","61281072910434423994397251809058144872","83881901096554422124775760247890540745","289660819725380629068733690392853546636","149514522086385706408858224228804393436","167335752591850030012116519120914220204","180711723875840719293449433867565733655","336028571209859735099334964642466895222","234815009044011912536270186383668413970","134978461556602773908475325875370945337","85806701692564220329299441384592685836","265949867682044519628881367999563373128","281436261027192419516187983502124907243","123994594537460707689189629375525618218","114852266697062498224339823270127953685","311035090074218207013726377369137090796","133343591057380661643236312629028045666","23378784483727679273808163315123410142","105496117750516856278692897036572143255","97999548720118992873557313522611298482","138294816604893211524549292444043695434","292929827189051731901814685836424162980","212332299326354530557071021814524408271","177278077689114789959836321934527262779","272326442987437352374696316265574946484","197657808266338532631532862931195505212","264970046376618134508664585022013982658","225098115318122086848987693750835607837"]},"signature_type":"Line","signature_version":"v1"},{"signature_version":"v1","target":{"file":"src/iperf_auth.c","function":"decrypt_rsa_message"},"source":"https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf","deprecated":false,"signature_type":"Function","digest":{"function_hash":"131275195488931340578032671455593087395","length":1253},"id":"CVE-2025-54349-d13e9630"}],"vanir_signatures_modified":"2026-04-12T17:14:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}