CVE-2025-54351

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

CVSS v3 8.9 HIGH

8.9^/10

CVSS v3 : HIGH

V3 Legend

Vector :

Exploitability : 2.2 / Impact : 6.0

Attack Vector NETWORK

Attack Complexity HIGH

Privileges Required NONE

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact HIGH

Availability Impact LOW

Scope CHANGED

References

Link	Resource
https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0	Patch
https://github.com/esnet/iperf/releases/tag/3.19.1	Release Notes

Configurations

Configuration 1 (hide)

cpe:2.3:a:es:iperf3:3.19:*:*:*:*:*:*:*

History

17 Oct 2025, 19:59

Type	Values Removed	Values Added
First Time		Es Es iperf3
CPE	cpe:2.3:a:iperf_project:iperf::::::::	cpe:2.3:a:es:iperf3:3.19:::::::*

05 Aug 2025, 16:36

Type	Values Removed	Values Added
First Time		Iperf Project Iperf Project iperf
CPE		cpe:2.3:a:iperf_project:iperf::::::::
References	~~() https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0 -~~	() https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0 - Patch
References	~~() https://github.com/esnet/iperf/releases/tag/3.19.1 -~~	() https://github.com/esnet/iperf/releases/tag/3.19.1 - Release Notes

04 Aug 2025, 15:06

Type	Values Removed	Values Added
Summary		(es) En iperf anterior a 3.19.1, net.c tiene un desbordamiento de búfer cuando se usa --skip-rx-copy (para MSG_TRUNC en recv).

03 Aug 2025, 02:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2025-08-03 02:15

Updated : 2025-10-17 19:59

NVD link : CVE-2025-54351

Mitre link : CVE-2025-54351

CVE.ORG link : CVE-2025-54351

JSON object : View

Products Affected

iperf3

CWE

CWE-420

Unprotected Alternate Channel

8.9 /10