iperf3: denial of service

Package(s): iperf3
CVE #(s): CVE-2016-4303
Created: June 20, 2016
Updated: August 22, 2016
Description: From the Red Hat bugzilla:

A bug exists in the way that the included version of the cjson library handles Unicode literals in JSON string constants. A malformed Unicode literal can cause a process parsing a block of JSON to overwrite a pre-allocated buffer in the heap. Note that this bug has already been fixed in recent versions of cjson.

A malicious process can connect to an iperf3 server and, by sending a malformed message on the control channel, corrupt the server process's heap area. This can lead to a crash (and a denial of service), or theoretically a remote code execution as the user running the iperf3 server. A malicious iperf3 server could potentially mount a similar attack on an iperf3 client.
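
An added illustration of the bug class described above (not cJSON's or iperf3's code, and not a reconstruction of the actual defect, whose details this page does not give): a C decoder for \uXXXX escapes that validates every hex digit and surrogate pair and checks the remaining output space before each write. The function names are hypothetical, and other JSON escapes are rejected to keep the example to one case.

```c
#include <stddef.h>
#include <stdint.h>

/* Parse exactly four hex digits at p, never reading past end; -1 if malformed. */
static long hex4(const char *p, const char *end) {
    long v = 0;
    if (end - p < 4) return -1;
    for (int i = 0; i < 4; i++) {
        char c = p[i];
        int d = (c >= '0' && c <= '9') ? c - '0'
              : (c >= 'a' && c <= 'f') ? c - 'a' + 10
              : (c >= 'A' && c <= 'F') ? c - 'A' + 10 : -1;
        if (d < 0) return -1;
        v = v * 16 + d;
    }
    return v;
}

/* Decode the body of a JSON string (the text between the quotes) into out as
 * UTF-8. Returns bytes written, or -1 on a malformed escape or if out is full. */
long json_unescape(const char *in, size_t in_len, char *out, size_t cap) {
    static const unsigned char lead[] = {0, 0, 0xC0, 0xE0, 0xF0};
    const char *p = in, *end = in + in_len;
    size_t n = 0;
    while (p < end) {
        if (*p != '\\') {                       /* ordinary byte: copy if room */
            if (n >= cap) return -1;
            out[n++] = *p++;
            continue;
        }
        if (end - p < 6 || p[1] != 'u') return -1;   /* need all of \uXXXX */
        long hi = hex4(p + 2, end);
        if (hi < 0 || (hi >= 0xDC00 && hi <= 0xDFFF)) return -1; /* lone low half */
        uint32_t cp = (uint32_t)hi;
        p += 6;
        if (hi >= 0xD800 && hi <= 0xDBFF) {     /* high half: low half must follow */
            if (end - p < 6 || p[0] != '\\' || p[1] != 'u') return -1;
            long lo = hex4(p + 2, end);
            if (lo < 0xDC00 || lo > 0xDFFF) return -1;
            cp = 0x10000 + ((cp - 0xD800) << 10) + (uint32_t)(lo - 0xDC00);
            p += 6;
        }
        size_t need = cp < 0x80 ? 1 : cp < 0x800 ? 2 : cp < 0x10000 ? 3 : 4;
        if (need > cap - n) return -1;          /* bounds check before any write */
        for (size_t i = need - 1; i > 0; i--, cp >>= 6)
            out[n + i] = (char)(0x80 | (cp & 0x3F));
        out[n] = (char)(lead[need] | cp);
        n += need;
    }
    return (long)n;
}
```
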

Alerts:
openSUSE openSUSE-SU-2016:2121-1 iperf 2016-08-19
openSUSE openSUSE-SU-2016:2113-1 iperf 2016-08-19
Mageia MGASA-2016-0235 iperf 2016-07-05
Fedora FEDORA-2016-45402a6f3b iperf3 2016-06-18
Fedora FEDORA-2016-9693e82a25 iperf3 2016-06-18

Copyright © 2025, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds