{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","type":"deb","namespace":"debian","name":"iperf3","version":"3.18-2+deb13u2","qualifiers":{"distro":"trixie"},"subpath":"","is_vulnerable":false,"next_non_vulnerable_version":"3.19.1-1","latest_non_vulnerable_version":"3.20-2.1","affected_by_vulnerabilities":[],"fixing_vulnerabilities":[{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74023?format=json","vulnerability_id":"VCID-4ntk-bu9x-kbh6","summary":"iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in \"Everlasting ROBOT: the Marvin Attack\" by Hubert Kario.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26306.json","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-26306.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26306","reference_id":"","reference_type":"","scores":[{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78567","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78563","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78571","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.78562","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01116","scoring_system":"epss","scoring_elements":"0.7855","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-26306"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26306","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-26306"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071751","reference_id":"1071751","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1071751"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270270","reference_id":"2270270","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2270270"},{"reference_url":"https://github.com/esnet/iperf/releases/tag/3.17","reference_id":"3.17","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T18:32:36Z/"}],"url":"https://github.com/esnet/iperf/releases/tag/3.17"},{"reference_url":"https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc","reference_id":"esnet-secadv-2024-0001.txt.asc","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T18:32:36Z/"}],"url":"https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4241","reference_id":"RHSA-2024:4241","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:4241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9185","reference_id":"RHSA-2024:9185","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2024:9185"},{"reference_url":"https://www.insyde.com/security-pledge/SA-2024005","reference_id":"SA-2024005","reference_type":"","scores":[{"value":"5.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-08-22T18:32:36Z/"}],"url":"https://www.insyde.com/security-pledge/SA-2024005"},{"reference_url":"https://usn.ubuntu.com/7970-1/","reference_id":"USN-7970-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7970-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99637?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99639?format=json","purl":"pkg:deb/debian/iperf3@3.17.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.17.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2024-26306"],"risk_score":2.6,"exploitability":"0.5","weighted_severity":"5.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-4ntk-bu9x-kbh6"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74030?format=json","vulnerability_id":"VCID-5scn-hmbq-zqdd","summary":"In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54351.json","reference_id":"","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54351.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54351","reference_id":"","reference_type":"","scores":[{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49724","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49745","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49754","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49737","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00261","scoring_system":"epss","scoring_elements":"0.49707","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54351"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386149","reference_id":"2386149","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386149"},{"reference_url":"https://github.com/esnet/iperf/releases/tag/3.19.1","reference_id":"3.19.1","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-04T19:40:29Z/"}],"url":"https://github.com/esnet/iperf/releases/tag/3.19.1"},{"reference_url":"https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0","reference_id":"969b7f70c447513e92c9798f22e82b40ebc53bf0","reference_type":"","scores":[{"value":"8.9","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:T/P:M/B:A/M:M/D:T/2025-08-04T19:40:29Z/"}],"url":"https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99644?format=json","purl":"pkg:deb/debian/iperf3@0?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@0%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99630?format=json","purl":"pkg:deb/debian/iperf3@3.12-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ntk-bu9x-kbh6"},{"vulnerability":"VCID-dj7g-u8hk-tye4"},{"vulnerability":"VCID-gkp3-2f7w-4bhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.12-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2025-54351"],"risk_score":null,"exploitability":null,"weighted_severity":null,"resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-5scn-hmbq-zqdd"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74028?format=json","vulnerability_id":"VCID-afsp-jgty-e7bt","summary":"In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54350.json","reference_id":"","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54350.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54350","reference_id":"","reference_type":"","scores":[{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.3113","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31208","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31175","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31139","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00124","scoring_system":"epss","scoring_elements":"0.31107","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54350"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54350","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54350"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110376","reference_id":"1110376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386150","reference_id":"2386150","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386150"},{"reference_url":"https://github.com/esnet/iperf/releases/tag/3.19.1","reference_id":"3.19.1","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T20:13:25Z/"}],"url":"https://github.com/esnet/iperf/releases/tag/3.19.1"},{"reference_url":"https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a","reference_id":"4eab661da0bbaac04493fa40164e928c6df7934a","reference_type":"","scores":[{"value":"3.7","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T20:13:25Z/"}],"url":"https://github.com/esnet/iperf/commit/4eab661da0bbaac04493fa40164e928c6df7934a"},{"reference_url":"https://usn.ubuntu.com/7970-1/","reference_id":"USN-7970-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7970-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99641?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99630?format=json","purl":"pkg:deb/debian/iperf3@3.12-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ntk-bu9x-kbh6"},{"vulnerability":"VCID-dj7g-u8hk-tye4"},{"vulnerability":"VCID-gkp3-2f7w-4bhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.12-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99643?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99642?format=json","purl":"pkg:deb/debian/iperf3@3.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2025-54350"],"risk_score":1.6,"exploitability":"0.5","weighted_severity":"3.3","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-afsp-jgty-e7bt"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74022?format=json","vulnerability_id":"VCID-dj7g-u8hk-tye4","summary":"A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-7250.json","reference_id":"","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-7250.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-7250","reference_id":"","reference_type":"","scores":[{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17109","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17205","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17171","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17091","published_at":"2026-06-08T12:55:00Z"},{"value":"0.00054","scoring_system":"epss","scoring_elements":"0.17209","published_at":"2026-06-05T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-7250"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7250","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-7250"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"3.1","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244707","reference_id":"2244707","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T15:29:57Z/"}],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2244707"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:8::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:8::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream","reference_id":"cpe:/a:redhat:enterprise_linux:9::appstream","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/a:redhat:enterprise_linux:9::appstream"},{"reference_url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7","reference_id":"cpe:/o:redhat:enterprise_linux:7","reference_type":"","scores":[],"url":"https://nvd.nist.gov/vuln/search/results?adv_search=true&isCpeNameSearch=true&query=cpe:/o:redhat:enterprise_linux:7"},{"reference_url":"https://access.redhat.com/security/cve/CVE-2023-7250","reference_id":"CVE-2023-7250","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T15:29:57Z/"}],"url":"https://access.redhat.com/security/cve/CVE-2023-7250"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:4241","reference_id":"RHSA-2024:4241","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T15:29:57Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:4241"},{"reference_url":"https://access.redhat.com/errata/RHSA-2024:9185","reference_id":"RHSA-2024:9185","reference_type":"","scores":[{"value":"5.3","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2024-03-21T15:29:57Z/"}],"url":"https://access.redhat.com/errata/RHSA-2024:9185"},{"reference_url":"https://usn.ubuntu.com/7970-1/","reference_id":"USN-7970-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7970-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99637?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99638?format=json","purl":"pkg:deb/debian/iperf3@3.15-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.15-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2023-7250"],"risk_score":2.4,"exploitability":"0.5","weighted_severity":"4.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-dj7g-u8hk-tye4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74024?format=json","vulnerability_id":"VCID-gkp3-2f7w-4bhq","summary":"iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53580.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2024-53580.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53580","reference_id":"","reference_type":"","scores":[{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.4151","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41554","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41562","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.41532","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00197","scoring_system":"epss","scoring_elements":"0.415","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2024-53580"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53580","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2024-53580"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090931","reference_id":"1090931","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1090931"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333146","reference_id":"2333146","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2333146"},{"reference_url":"https://github.com/esnet/iperf/releases/tag/3.18","reference_id":"3.18","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T19:27:09Z/"}],"url":"https://github.com/esnet/iperf/releases/tag/3.18"},{"reference_url":"https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3","reference_id":"663badf2ebefefa6fe4303695e7aa7a3","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:P/A:Y/T:P/P:M/B:A/M:M/D:T/2024-12-31T19:27:09Z/"}],"url":"https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0161","reference_id":"RHSA-2025:0161","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0161"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0168","reference_id":"RHSA-2025:0168","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0168"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0346","reference_id":"RHSA-2025:0346","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0346"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0402","reference_id":"RHSA-2025:0402","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0402"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0403","reference_id":"RHSA-2025:0403","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0403"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0404","reference_id":"RHSA-2025:0404","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0404"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0440","reference_id":"RHSA-2025:0440","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0440"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0505","reference_id":"RHSA-2025:0505","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0505"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0548","reference_id":"RHSA-2025:0548","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0548"},{"reference_url":"https://access.redhat.com/errata/RHSA-2025:0570","reference_id":"RHSA-2025:0570","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2025:0570"},{"reference_url":"https://usn.ubuntu.com/7970-1/","reference_id":"USN-7970-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7970-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99637?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99640?format=json","purl":"pkg:deb/debian/iperf3@3.18-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2024-53580"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-gkp3-2f7w-4bhq"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74020?format=json","vulnerability_id":"VCID-h3z2-e9tg-jue4","summary":"The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.","references":[{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4303","reference_id":"","reference_type":"","scores":[{"value":"0.07577","scoring_system":"epss","scoring_elements":"0.91985","published_at":"2026-06-04T12:55:00Z"},{"value":"0.07577","scoring_system":"epss","scoring_elements":"0.91997","published_at":"2026-06-08T12:55:00Z"},{"value":"0.07577","scoring_system":"epss","scoring_elements":"0.91999","published_at":"2026-06-06T12:55:00Z"},{"value":"0.07577","scoring_system":"epss","scoring_elements":"0.91996","published_at":"2026-06-07T12:55:00Z"},{"value":"0.07577","scoring_system":"epss","scoring_elements":"0.92011","published_at":"2026-06-09T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2016-4303"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4303","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-4303"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827116","reference_id":"827116","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=827116"},{"reference_url":"https://usn.ubuntu.com/USN-4788-1/","reference_id":"USN-USN-4788-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/USN-4788-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99631?format=json","purl":"pkg:deb/debian/iperf3@3.1.3-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.1.3-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99630?format=json","purl":"pkg:deb/debian/iperf3@3.12-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ntk-bu9x-kbh6"},{"vulnerability":"VCID-dj7g-u8hk-tye4"},{"vulnerability":"VCID-gkp3-2f7w-4bhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.12-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2016-4303"],"risk_score":0.1,"exploitability":"0.5","weighted_severity":"0.1","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-h3z2-e9tg-jue4"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74021?format=json","vulnerability_id":"VCID-mfw1-fmeh-h7c3","summary":"iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38403.json","reference_id":"","reference_type":"","scores":[{"value":"7.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2023-38403.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38403","reference_id":"","reference_type":"","scores":[{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80365","published_at":"2026-06-09T12:55:00Z"},{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80351","published_at":"2026-06-05T12:55:00Z"},{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80353","published_at":"2026-06-06T12:55:00Z"},{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.8035","published_at":"2026-06-07T12:55:00Z"},{"value":"0.01336","scoring_system":"epss","scoring_elements":"0.80343","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2023-38403"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38403","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2023-38403"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"7.4","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:H/A:H"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9","reference_id":"0ef151550d96cc4460f98832df84b4a1e87c65e9","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://github.com/esnet/iperf/commit/0ef151550d96cc4460f98832df84b4a1e87c65e9"},{"reference_url":"https://bugs.debian.org/1040830","reference_id":"1040830","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://bugs.debian.org/1040830"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040830","reference_id":"1040830","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1040830"},{"reference_url":"https://cwe.mitre.org/data/definitions/130.html","reference_id":"130.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://cwe.mitre.org/data/definitions/130.html"},{"reference_url":"https://github.com/esnet/iperf/issues/1542","reference_id":"1542","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://github.com/esnet/iperf/issues/1542"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222204","reference_id":"2222204","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2222204"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/24","reference_id":"24","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/24"},{"reference_url":"http://seclists.org/fulldisclosure/2023/Oct/26","reference_id":"26","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"http://seclists.org/fulldisclosure/2023/Oct/26"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/","reference_id":"BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/BV6EBWWF4PEQKROEVXGYSTIT2MGBTLU7/"},{"reference_url":"https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc","reference_id":"esnet-secadv-2023-0001.txt.asc","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://downloads.es.net/pub/iperf/esnet-secadv-2023-0001.txt.asc"},{"reference_url":"https://support.apple.com/kb/HT213984","reference_id":"HT213984","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://support.apple.com/kb/HT213984"},{"reference_url":"https://support.apple.com/kb/HT213985","reference_id":"HT213985","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://support.apple.com/kb/HT213985"},{"reference_url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/","reference_id":"M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/M25Z5FHTO3XWMGP37JHJ7IIIHSGCLKEV/"},{"reference_url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html","reference_id":"msg00025.html","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://lists.debian.org/debian-lts-announce/2023/07/msg00025.html"},{"reference_url":"https://security.netapp.com/advisory/ntap-20230818-0016/","reference_id":"ntap-20230818-0016","reference_type":"","scores":[{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:Y/T:P/P:M/B:A/M:M/D:T/2024-01-16T19:39:13Z/"}],"url":"https://security.netapp.com/advisory/ntap-20230818-0016/"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4326","reference_id":"RHSA-2023:4326","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4326"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4414","reference_id":"RHSA-2023:4414","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4414"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4415","reference_id":"RHSA-2023:4415","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4415"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4416","reference_id":"RHSA-2023:4416","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4416"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4431","reference_id":"RHSA-2023:4431","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4431"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4432","reference_id":"RHSA-2023:4432","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4432"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4570","reference_id":"RHSA-2023:4570","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4570"},{"reference_url":"https://access.redhat.com/errata/RHSA-2023:4571","reference_id":"RHSA-2023:4571","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2023:4571"},{"reference_url":"https://usn.ubuntu.com/6431-1/","reference_id":"USN-6431-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6431-1/"},{"reference_url":"https://usn.ubuntu.com/6431-2/","reference_id":"USN-6431-2","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/6431-2/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99635?format=json","purl":"pkg:deb/debian/iperf3@3.12-1%2Bdeb12u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.12-1%252Bdeb12u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99630?format=json","purl":"pkg:deb/debian/iperf3@3.12-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ntk-bu9x-kbh6"},{"vulnerability":"VCID-dj7g-u8hk-tye4"},{"vulnerability":"VCID-gkp3-2f7w-4bhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.12-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99636?format=json","purl":"pkg:deb/debian/iperf3@3.14-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.14-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2023-38403"],"risk_score":3.4,"exploitability":"0.5","weighted_severity":"6.8","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-mfw1-fmeh-h7c3"},{"url":"http://public2.vulnerablecode.io/api/vulnerabilities/74025?format=json","vulnerability_id":"VCID-tyft-4h7n-mkgf","summary":"In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.","references":[{"reference_url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54349.json","reference_id":"","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"}],"url":"https://access.redhat.com/hydra/rest/securitydata/cve/CVE-2025-54349.json"},{"reference_url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54349","reference_id":"","reference_type":"","scores":[{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.5277","published_at":"2026-06-09T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52782","published_at":"2026-06-05T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52788","published_at":"2026-06-06T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52771","published_at":"2026-06-07T12:55:00Z"},{"value":"0.00291","scoring_system":"epss","scoring_elements":"0.52745","published_at":"2026-06-08T12:55:00Z"}],"url":"https://api.first.org/data/v1/epss?cve=CVE-2025-54349"},{"reference_url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54349","reference_id":"","reference_type":"","scores":[],"url":"https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2025-54349"},{"reference_url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml","reference_id":"","reference_type":"","scores":[{"value":"5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L"}],"url":"https://ftp.suse.com/pub/projects/security/yaml/suse-cvss-scores.yaml"},{"reference_url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110376","reference_id":"1110376","reference_type":"","scores":[],"url":"https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1110376"},{"reference_url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386151","reference_id":"2386151","reference_type":"","scores":[],"url":"https://bugzilla.redhat.com/show_bug.cgi?id=2386151"},{"reference_url":"https://github.com/esnet/iperf/releases/tag/3.19.1","reference_id":"3.19.1","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T13:10:43Z/"}],"url":"https://github.com/esnet/iperf/releases/tag/3.19.1"},{"reference_url":"https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf","reference_id":"4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf","reference_type":"","scores":[{"value":"6.5","scoring_system":"cvssv3.1","scoring_elements":"CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L"},{"value":"Track","scoring_system":"ssvc","scoring_elements":"SSVCv2/E:N/A:N/T:P/P:M/B:A/M:M/D:T/2025-08-04T13:10:43Z/"}],"url":"https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1592","reference_id":"RHSA-2026:1592","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1592"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1595","reference_id":"RHSA-2026:1595","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1595"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1597","reference_id":"RHSA-2026:1597","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1597"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1760","reference_id":"RHSA-2026:1760","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1760"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1773","reference_id":"RHSA-2026:1773","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1773"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1881","reference_id":"RHSA-2026:1881","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1881"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1882","reference_id":"RHSA-2026:1882","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1882"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:1967","reference_id":"RHSA-2026:1967","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:1967"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2328","reference_id":"RHSA-2026:2328","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2328"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2329","reference_id":"RHSA-2026:2329","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2329"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2448","reference_id":"RHSA-2026:2448","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2448"},{"reference_url":"https://access.redhat.com/errata/RHSA-2026:2449","reference_id":"RHSA-2026:2449","reference_type":"","scores":[],"url":"https://access.redhat.com/errata/RHSA-2026:2449"},{"reference_url":"https://usn.ubuntu.com/7970-1/","reference_id":"USN-7970-1","reference_type":"","scores":[],"url":"https://usn.ubuntu.com/7970-1/"}],"fixed_packages":[{"url":"http://public2.vulnerablecode.io/api/packages/99632?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99641?format=json","purl":"pkg:deb/debian/iperf3@3.9-1%2Bdeb11u3?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.9-1%252Bdeb11u3%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99630?format=json","purl":"pkg:deb/debian/iperf3@3.12-1%2Bdeb12u2?distro=trixie","is_vulnerable":true,"affected_by_vulnerabilities":[{"vulnerability":"VCID-4ntk-bu9x-kbh6"},{"vulnerability":"VCID-dj7g-u8hk-tye4"},{"vulnerability":"VCID-gkp3-2f7w-4bhq"}],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.12-1%252Bdeb12u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99643?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99634?format=json","purl":"pkg:deb/debian/iperf3@3.18-2%2Bdeb13u2?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99642?format=json","purl":"pkg:deb/debian/iperf3@3.19.1-1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.19.1-1%3Fdistro=trixie"},{"url":"http://public2.vulnerablecode.io/api/packages/99633?format=json","purl":"pkg:deb/debian/iperf3@3.20-2.1?distro=trixie","is_vulnerable":false,"affected_by_vulnerabilities":[],"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.20-2.1%3Fdistro=trixie"}],"aliases":["CVE-2025-54349"],"risk_score":3.0,"exploitability":"0.5","weighted_severity":"5.9","resource_url":"http://public2.vulnerablecode.io/vulnerabilities/VCID-tyft-4h7n-mkgf"}],"risk_score":null,"resource_url":"http://public2.vulnerablecode.io/packages/pkg:deb/debian/iperf3@3.18-2%252Bdeb13u2%3Fdistro=trixie"}