Source: iperf3
Version: 3.18-2
Severity: important
Tags: security upstream
X-Debbugs-Cc: [email protected], Debian Security Team <[email protected]>

Hi,

The following vulnerabilities were published for iperf3.

CVE-2025-54349[0]:
| In iperf before 3.19.1, iperf_auth.c has an off-by-one error and
| resultant heap-based buffer overflow.


CVE-2025-54350[1]:
| In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion
| failure and application exit upon a malformed authentication
| attempt.


If you fix the vulnerabilities please also make sure to include the
CVE (Common Vulnerabilities & Exposures) ids in your changelog entry.

For further information see:

[0] https://security-tracker.debian.org/tracker/CVE-2025-54349
    https://www.cve.org/CVERecord?id=CVE-2025-54349
    https://github.com/esnet/iperf/commit/42280d2292ed5f213bfcb33b2206ebcdb151ae66
[1] https://security-tracker.debian.org/tracker/CVE-2025-54350
    https://www.cve.org/CVERecord?id=CVE-2025-54350
    https://github.com/esnet/iperf/commit/de932ea16bc959f839d28d370f0602de52c5def1

Please adjust the affected versions in the BTS as needed.

Regards,
Salvatore
