CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:4241
https://access.redhat.com/security/cve/CVE-2023-7250
https://bugzilla.redhat.com/show_bug.cgi?id=2244707

Configurations

No configuration.

History

02 Jul 2024, 23:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:4241 -
Summary		(es) Se encontró una falla en iperf, una utilidad para probar el rendimiento de la red mediante TCP, UDP y SCTP. Un cliente malicioso o que no funciona correctamente puede enviar menos cantidad de datos de la esperada al servidor iperf, lo que puede hacer que el servidor se cuelgue indefinidamente esperando el resto o hasta que se cierre la conexión. Esto evitará otras conexiones al servidor, lo que provocará una denegación de servicio.

18 Mar 2024, 13:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2024-03-18 13:15

Updated : 2024-07-02 23:15

NVD link : CVE-2023-7250

Mitre link : CVE-2023-7250

CVE.ORG link : CVE-2023-7250

JSON object : View

Products Affected

No product.

CWE

CWE-183

Permissive List of Allowed Inputs

5.3 /10