CVE-2023-7250

MEDIUM

iperf3 < 3.15 - Denial of Service via Incomplete Data Transmission

Title source: llm

Description

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

References (5)

Core 5

Core References

Mailing List

https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:4241

Third Party Advisory vendor-advisory x_refsource_redhat

https://access.redhat.com/errata/RHSA-2024:9185

Third Party Advisory vdb-entry x_refsource_redhat

https://access.redhat.com/security/cve/CVE-2023-7250

Issue Tracking, Third Party Advisory issue-tracking x_refsource_redhat

https://bugzilla.redhat.com/show_bug.cgi?id=2244707

Scores

CVSS v3 5.3

EPSS 0.0005

EPSS Percentile 16.9%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-183

Status published

Products (8)

es/iperf3 < 3.15

redhat/enterprise_linux 8.0

redhat/enterprise_linux 9.0

redhat/enterprise_linux_for_arm_64 8.0_aarch64

redhat/enterprise_linux_for_arm_64 9.0_aarch64

redhat/enterprise_linux_for_ibm_z_systems 8.0_s390x

redhat/enterprise_linux_for_ibm_z_systems 9.0_s390x

redhat/enterprise_linux_for_power_little_endian 8.0_ppc64le

Published Mar 18, 2024

Tracked Since Feb 18, 2026