{"id":"USN-7970-1","summary":"iperf3 vulnerabilities","details":"Jorge Sancho Larraz discovered that iperf3 did not properly manage certain\ninputs, which could cause the server process to stop responding, waiting\nfor input on the control connection. A remote attacker could possibly use\nthis issue to cause a denial of service. This issue was only addressed in\nUbuntu 22.04 LTS. (CVE-2023-7250)\n\nIt was discovered that iperf3 had a timing side-channel when performing RSA\ndecryption. An attacker could possibly use this issue to recover sensitive\ninformation. This issue was only addressed in Ubuntu 20.04 LTS and Ubuntu\n22.04 LTS and Ubuntu 24.04 LTS. (CVE-2024-26306)\n\nIt was discovered that iperf3 incorrectly handled certain inputs. An\nattacker could possibly use this issue to cause a denial of service. This\nissue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS and Ubuntu\n24.04 LTS. (CVE-2024-53580)\n\nHan Lee discovered that iperf3 had an off-by-one heap overflow. An attacker\ncould possibly use this issue to crash the program or execute arbitrary\ncode. This issue was only addressed in Ubuntu 20.04 LTS, Ubuntu 22.04 LTS,\nUbuntu 24.04 LTS and Ubuntu 25.10. (CVE-2025-54349)\n\nHan Lee discovered that iperf3 did not properly manage certain inputs. An\nattacker could possibly use this issue to cause a denial of service.\n(CVE-2025-54350)","modified":"2026-02-10T04:50:48Z","published":"2026-01-21T05:29:16Z","related":["UBUNTU-CVE-2023-7250","UBUNTU-CVE-2024-26306","UBUNTU-CVE-2024-53580","UBUNTU-CVE-2025-54349","UBUNTU-CVE-2025-54350"],"upstream":["CVE-2023-7250","CVE-2024-26306","CVE-2024-53580","CVE-2025-54349","CVE-2025-54350","UBUNTU-CVE-2023-7250","UBUNTU-CVE-2024-26306","UBUNTU-CVE-2024-53580","UBUNTU-CVE-2025-54349","UBUNTU-CVE-2025-54350"],"references":[{"type":"ADVISORY","url":"https://ubuntu.com/security/notices/USN-7970-1"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2023-7250"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-26306"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2024-53580"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-54349"},{"type":"REPORT","url":"https://ubuntu.com/security/CVE-2025-54350"}],"affected":[{"package":{"name":"iperf3","ecosystem":"Ubuntu:Pro:20.04:LTS","purl":"pkg:deb/ubuntu/iperf3@3.7-3ubuntu0.1~esm2?arch=source&distro=esm-apps/focal"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.7-3ubuntu0.1~esm2"}]}],"versions":["3.6-2","3.7-1","3.7-2","3.7-3","3.7-3ubuntu0.1~esm1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.7-3ubuntu0.1~esm2","binary_name":"iperf3"},{"binary_version":"3.7-3ubuntu0.1~esm2","binary_name":"libiperf-dev"},{"binary_version":"3.7-3ubuntu0.1~esm2","binary_name":"libiperf0"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7970-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-26306"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-53580"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54349"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54350"}],"ecosystem":"Ubuntu:Pro:20.04:LTS"}}},{"package":{"name":"iperf3","ecosystem":"Ubuntu:22.04:LTS","purl":"pkg:deb/ubuntu/iperf3@3.9-1+deb11u1ubuntu0.1?arch=source&distro=jammy"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.9-1+deb11u1ubuntu0.1"}]}],"versions":["3.9-1","3.9-1build1","3.9-1+deb11u1build0.22.04.1"],"ecosystem_specific":{"binaries":[{"binary_version":"3.9-1+deb11u1ubuntu0.1","binary_name":"iperf3"},{"binary_version":"3.9-1+deb11u1ubuntu0.1","binary_name":"libiperf-dev"},{"binary_version":"3.9-1+deb11u1ubuntu0.1","binary_name":"libiperf0"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7970-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2023-7250"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-26306"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-53580"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54349"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54350"}],"ecosystem":"Ubuntu:22.04:LTS"}}},{"package":{"name":"iperf3","ecosystem":"Ubuntu:Pro:24.04:LTS","purl":"pkg:deb/ubuntu/iperf3@3.16-1ubuntu0.1~esm1?arch=source&distro=esm-apps/noble"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.16-1ubuntu0.1~esm1"}]}],"versions":["3.14-1","3.15-1","3.16-1","3.16-1build1","3.16-1build2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.16-1ubuntu0.1~esm1","binary_name":"iperf3"},{"binary_version":"3.16-1ubuntu0.1~esm1","binary_name":"libiperf-dev"},{"binary_version":"3.16-1ubuntu0.1~esm1","binary_name":"libiperf0"}],"availability":"Available with Ubuntu Pro: https://ubuntu.com/pro"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7970-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-26306"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2024-53580"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54349"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54350"}],"ecosystem":"Ubuntu:Pro:24.04:LTS"}}},{"package":{"name":"iperf3","ecosystem":"Ubuntu:25.10","purl":"pkg:deb/ubuntu/iperf3@3.18-2ubuntu0.1?arch=source&distro=questing"},"ranges":[{"type":"ECOSYSTEM","events":[{"introduced":"0"},{"fixed":"3.18-2ubuntu0.1"}]}],"versions":["3.18-2"],"ecosystem_specific":{"binaries":[{"binary_version":"3.18-2ubuntu0.1","binary_name":"iperf3"},{"binary_version":"3.18-2ubuntu0.1","binary_name":"libiperf-dev"},{"binary_version":"3.18-2ubuntu0.1","binary_name":"libiperf0"}],"availability":"No subscription required"},"database_specific":{"source":"https://github.com/canonical/ubuntu-security-notices/blob/main/osv/usn/USN-7970-1.json","cves_map":{"cves":[{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54349"},{"severity":[{"score":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L","type":"CVSS_V3"},{"score":"medium","type":"Ubuntu"}],"id":"CVE-2025-54350"}],"ecosystem":"Ubuntu:25.10"}}}],"schema_version":"1.7.3"}