Permissive Whitelist Affecting iperf3 package, versions <0:3.9-13.el9
Threat Intelligence
Do your applications use this vulnerable package?
In a few clicks we can analyze your entire application and see what components are vulnerable in your application, and suggest you quick fixes.
Test your applications- Snyk ID SNYK-ALMALINUX9-IPERF3-8383483
- published 18 Nov 2024
- disclosed 12 Nov 2024
Introduced: 12 Nov 2024
New CVE-2023-7250 Open this link in a new tabHow to fix?
Upgrade AlmaLinux:9 iperf3 to version 0:3.9-13.el9 or higher.
This issue was patched in ALSA-2024:9185.
NVD Description
Note: Versions mentioned in the description apply only to the upstream iperf3 package and not the iperf3 package as distributed by AlmaLinux.
See How to fix? for AlmaLinux:9 relevant fixed versions and status.
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
References
- https://errata.almalinux.org/8/ALSA-2024-4241.html
- https://errata.almalinux.org/9/ALSA-2024-9185.html
- https://access.redhat.com/security/cve/CVE-2023-7250
- https://access.redhat.com/errata/RHSA-2024:4241
- https://access.redhat.com/errata/RHSA-2024:9185
- https://bugzilla.redhat.com/show_bug.cgi?id=2244707