CVE-2025-54349

See a problem?
Please try reporting it to the source first.
Source
https://cve.org/CVERecord?id=CVE-2025-54349
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54349.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-54349
Downstream
Related
Published
2025-08-03T02:15:35.597Z
Modified
2025-11-17T04:02:48.032030Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.

References

Affected packages

Git / github.com/esnet/iperf

Affected ranges

Type
GIT
Repo
https://github.com/esnet/iperf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
0fa686ef204229a02dcc21a48823ebd47e60e9a2
Fixed
4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf

Affected versions

2.*

2.0-RELEASE
2.0.1-RELEASE
2.0.2-RELEASE
2.0.3-RELEASE
2.0.4-RELEASE

3.*

3.0-ALPHA1
3.0-BETA1
3.0-BETA2
3.0-BETA3
3.0-BETA4
3.0-BETA5
3.0.1
3.0.4
3.1
3.10
3.10.1
3.11
3.12
3.13
3.14
3.15
3.16
3.16-beta1
3.17.1
3.18
3.19
3.1b1
3.1b2
3.1b3
3.2
3.2rc1
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.9

iperf-3.*

iperf-3.0a1

Other

iperf3
trunk

Database specific

source

"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54349.json"

vanir_signatures

[
    {
        "digest": {
            "function_hash": "300693105224932451677532296278498551568",
            "length": 1000.0
        },
        "id": "CVE-2025-54349-8664f98f",
        "signature_type": "Function",
        "source": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf",
        "target": {
            "function": "decode_auth_setting",
            "file": "src/iperf_auth.c"
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "digest": {
            "line_hashes": [
                "332950769409940220417913478201699367263",
                "157654594138628077940856955559090258566",
                "187919467100155823045499370726851029766",
                "223957954894841644512003384738952265845",
                "244863025665290351341425788860767073159",
                "182356337828233385200068576339721579811",
                "172092972991543735743784022545274176444",
                "157350263339918688582622380972210430226",
                "7658853751889115444961739189297949957",
                "128056188801764755465746505650318453081",
                "122824135669344003315807959737888602728",
                "59835424638630236834535121583658999662",
                "131858152481467350393832885703624622573",
                "214595832873581031380961781472279800329",
                "334311626713398414446147556671844708032",
                "61281072910434423994397251809058144872",
                "83881901096554422124775760247890540745",
                "289660819725380629068733690392853546636",
                "149514522086385706408858224228804393436",
                "167335752591850030012116519120914220204",
                "180711723875840719293449433867565733655",
                "336028571209859735099334964642466895222",
                "234815009044011912536270186383668413970",
                "134978461556602773908475325875370945337",
                "85806701692564220329299441384592685836",
                "265949867682044519628881367999563373128",
                "281436261027192419516187983502124907243",
                "123994594537460707689189629375525618218",
                "114852266697062498224339823270127953685",
                "311035090074218207013726377369137090796",
                "133343591057380661643236312629028045666",
                "23378784483727679273808163315123410142",
                "105496117750516856278692897036572143255",
                "97999548720118992873557313522611298482",
                "138294816604893211524549292444043695434",
                "292929827189051731901814685836424162980",
                "212332299326354530557071021814524408271",
                "177278077689114789959836321934527262779",
                "272326442987437352374696316265574946484",
                "197657808266338532631532862931195505212",
                "264970046376618134508664585022013982658",
                "225098115318122086848987693750835607837"
            ],
            "threshold": 0.9
        },
        "id": "CVE-2025-54349-981bb842",
        "signature_type": "Line",
        "source": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf",
        "target": {
            "file": "src/iperf_auth.c"
        },
        "deprecated": false,
        "signature_version": "v1"
    },
    {
        "digest": {
            "function_hash": "131275195488931340578032671455593087395",
            "length": 1253.0
        },
        "id": "CVE-2025-54349-d13e9630",
        "signature_type": "Function",
        "source": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf",
        "target": {
            "function": "decrypt_rsa_message",
            "file": "src/iperf_auth.c"
        },
        "deprecated": false,
        "signature_version": "v1"
    }
]