{"id":"CVE-2025-54351","details":"In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).","modified":"2026-04-12T17:14:03.477602Z","published":"2025-08-03T02:15:37.380Z","related":["SUSE-SU-2025:02749-1","openSUSE-SU-2025:15414-1"],"references":[{"type":"ADVISORY","url":"https://github.com/esnet/iperf/releases/tag/3.19.1"},{"type":"FIX","url":"https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/esnet/iperf","events":[{"introduced":"0"},{"last_affected":"57396df3c19227741b8cd40c24b105d28672b6f7"},{"fixed":"969b7f70c447513e92c9798f22e82b40ebc53bf0"},{"fixed":"0fa686ef204229a02dcc21a48823ebd47e60e9a2"}],"database_specific":{"versions":[{"introduced":"0"},{"last_affected":"3.19"}]}}],"versions":["2.0-RELEASE","2.0.1-RELEASE","2.0.2-RELEASE","2.0.3-RELEASE","2.0.4-RELEASE","3.0-ALPHA1","3.0-BETA1","3.0-BETA2","3.0-BETA3","3.0-BETA4","3.0-BETA5","3.0.1","3.0.4","3.1","3.10","3.10.1","3.11","3.12","3.13","3.14","3.15","3.16","3.16-beta1","3.17.1","3.18","3.19","3.1b1","3.1b2","3.1b3","3.2","3.2rc1","3.3","3.4","3.5","3.6","3.7","3.8","3.8.1","3.9","iperf-3.0a1","iperf3","trunk"],"database_specific":{"vanir_signatures":[{"id":"CVE-2025-54351-216e44d1","deprecated":false,"target":{"file":"src/net.c","function":"Nrecv"},"signature_type":"Function","source":"https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0","signature_version":"v1","digest":{"function_hash":"106754048435993421371103722541207670380","length":1143}},{"id":"CVE-2025-54351-d05417ad","deprecated":false,"target":{"file":"src/net.c"},"signature_type":"Line","source":"https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0","signature_version":"v1","digest":{"line_hashes":["32069343430088178690693599257640083000","155081654813016190320025480782412286210","283023448728263561806811487607167057863","300337696464580010152894795017778262597","313065390166114718566480872835735404786","314249823145358004879035965698132656374","32187999371874724301125581875207432576","173537867481905995912095372489662167498","171754298262011829441506255233584333041","167012814525468168370036117967073934280","132927510004657017148772691476155412755","337736796829847472632816814823325542326","304265774051339906743674745602504015222","227258586638599940439333799693813233921","122505816253579806055946100211523680555","221145903285853186837464146271087804748","60303164895671775093740835976763091911","246728094936250580783304485935073041220","256550544988934875386689502897207731010","260761597470167823251478258196861480293","74304528607843985386342624545941948622","180091905530473344708007724100318166586","262854086518539490727188458766430843591","190702219456582815482958778836885498026"],"threshold":0.9}},{"id":"CVE-2025-54351-fdea148c","deprecated":false,"target":{"file":"src/net.c","function":"Nrecv_no_select"},"signature_type":"Function","source":"https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0","signature_version":"v1","digest":{"function_hash":"289136881041769423876731907534497810987","length":470}}],"source":"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54351.json","vanir_signatures_modified":"2026-04-12T17:14:03Z"}}],"schema_version":"1.7.5","severity":[{"type":"CVSS_V3","score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H"}]}