CVE-2023-38403

nvd nist

Published: Jul 17, 2023Modified: Nov 21, 2024

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H

Exploitability: 3.9 / Impact: 3.6

Source: NVD

Description

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

Affected (8)

Products: Es: Iperf3 · Debian: Debian Linux · Fedoraproject: Fedora · +2 more

Show all products

Es: Iperf3 · Debian: Debian Linux · Fedoraproject: Fedora · Netapp: Clustered Data Ontap, Ontap Select Deploy Administration Utility · Apple: Macos

1 product

1 product

1 product

2 products

Ontap Select Deploy Administration Utility

Apple

1 product

Macos

Configuration A

1 vulnerable · 1 platform

Vulnerable Software	Affected Versions
Es Iperf3	Before 3.14

Running on/with	Platform Versions
Linux Linux Kernel	All versions

Configuration B

1 vulnerable

Vulnerable Software	Affected Versions
Debian Debian Linux	Version 10.0

Configuration C

2 vulnerable

Vulnerable Software	Affected Versions
Fedoraproject Fedora	Version 37
Fedoraproject Fedora	Version 38

Configuration D

2 vulnerable

Vulnerable Software	Affected Versions
Netapp Clustered Data Ontap	Version 9.0
Netapp Ontap Select Deploy Administration Utility	All versions

Configuration E

2 vulnerable

Vulnerable Software	Affected Versions
Apple Macos	Before 13.6.1
Apple Macos	Version 14.0

Related CWEs

CWE-190

Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

References (26)

http://seclists.org/fulldisclosure/2023/Oct/24

Source: cve@mitre.org

Mailing ListThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/26

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://bugs.debian.org/1040830

Source: cve@mitre.org

Third Party Advisory

https://cwe.mitre.org/data/definitions/130.html

Source: cve@mitre.org

Third Party Advisory

https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc

Source: cve@mitre.org

Vendor Advisory

https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9

Source: cve@mitre.org

Patch

https://github.com/esnet/iperf/issues/1542

Source: cve@mitre.org

Issue TrackingVendor Advisory

https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/

Source: cve@mitre.org

Mailing ListThird Party Advisory

https://security.netapp.com/advisory/ntap-20230818-0016/

Source: cve@mitre.org

Third Party Advisory

https://support.apple.com/kb/HT213984

Source: cve@mitre.org

Release NotesThird Party Advisory

https://support.apple.com/kb/HT213985

Source: cve@mitre.org

Release NotesThird Party Advisory

http://seclists.org/fulldisclosure/2023/Oct/24