CVE-2016-4303

The parse_string function in cjson.c in the cJSON library mishandles UTF8/16 strings, which allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a non-hex character in a JSON string, which triggers a heap-based buffer overflow.

References

Affected packages

Debian:11 / iperf3

Package

Name: iperf3
Purl: pkg:deb/debian/iperf3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / iperf3

Package

Name: iperf3
Purl: pkg:deb/debian/iperf3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / iperf3

Package

Name: iperf3
Purl: pkg:deb/debian/iperf3?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

3.1.3-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/esnet/iperf

Affected ranges

Type: GIT
Repo: https://github.com/esnet/iperf
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Fixed

91f2fa59e8ed80dfbf400add0164ee0e508e412a

Fixed

91f2fa59e8ed80dfbf400add0164ee0e508e412a

Affected versions

2.*

2.0-RELEASE

2.0.1-RELEASE

2.0.2-RELEASE

2.0.3-RELEASE

2.0.4-RELEASE

3.*

3.0-ALPHA1

3.0-BETA1

3.0-BETA2

3.0-BETA3

3.0-BETA4

3.0-BETA5

3.0.1

3.0.10

3.0.11

3.0.2

3.0.3

3.0.5

3.0.6

3.0.7

3.0.8

3.0.9

iperf-3.*

iperf-3.0a1

Other

iperf3

trunk