CVE-2025-54351

Source
https://cve.org/CVERecord?id=CVE-2025-54351
Import Source
https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54351.json
JSON Data
https://api.test.osv.dev/v1/vulns/CVE-2025-54351
Downstream
Related
Published
2025-08-03T02:15:37.380Z
Modified
2026-02-17T06:42:10.891846Z
Severity
  • 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
Summary
[none]
Details

In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-copy is used (for MSG_TRUNC in recv).

References

Affected packages

Git / github.com/esnet/iperf

Affected ranges

Type
GIT
Repo
https://github.com/esnet/iperf
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed

Affected versions

2.*
2.0-RELEASE
2.0.1-RELEASE
2.0.2-RELEASE
2.0.3-RELEASE
2.0.4-RELEASE
3.*
3.0-ALPHA1
3.0-BETA1
3.0-BETA2
3.0-BETA3
3.0-BETA4
3.0-BETA5
3.0.1
3.0.4
3.1
3.10
3.10.1
3.11
3.12
3.13
3.14
3.15
3.16
3.16-beta1
3.17.1
3.18
3.19
3.1b1
3.1b2
3.1b3
3.2
3.2rc1
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.9
iperf-3.*
iperf-3.0a1
Other
iperf3
trunk

Database specific

vanir_signatures
[
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/net.c",
            "function": "Nrecv"
        },
        "digest": {
            "length": 1143.0,
            "function_hash": "106754048435993421371103722541207670380"
        },
        "id": "CVE-2025-54351-216e44d1",
        "source": "https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0",
        "signature_type": "Function"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/net.c"
        },
        "digest": {
            "threshold": 0.9,
            "line_hashes": [
                "32069343430088178690693599257640083000",
                "155081654813016190320025480782412286210",
                "283023448728263561806811487607167057863",
                "300337696464580010152894795017778262597",
                "313065390166114718566480872835735404786",
                "314249823145358004879035965698132656374",
                "32187999371874724301125581875207432576",
                "173537867481905995912095372489662167498",
                "171754298262011829441506255233584333041",
                "167012814525468168370036117967073934280",
                "132927510004657017148772691476155412755",
                "337736796829847472632816814823325542326",
                "304265774051339906743674745602504015222",
                "227258586638599940439333799693813233921",
                "122505816253579806055946100211523680555",
                "221145903285853186837464146271087804748",
                "60303164895671775093740835976763091911",
                "246728094936250580783304485935073041220",
                "256550544988934875386689502897207731010",
                "260761597470167823251478258196861480293",
                "74304528607843985386342624545941948622",
                "180091905530473344708007724100318166586",
                "262854086518539490727188458766430843591",
                "190702219456582815482958778836885498026"
            ]
        },
        "id": "CVE-2025-54351-d05417ad",
        "source": "https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0",
        "signature_type": "Line"
    },
    {
        "deprecated": false,
        "signature_version": "v1",
        "target": {
            "file": "src/net.c",
            "function": "Nrecv_no_select"
        },
        "digest": {
            "length": 470.0,
            "function_hash": "289136881041769423876731907534497810987"
        },
        "id": "CVE-2025-54351-fdea148c",
        "source": "https://github.com/esnet/iperf/commit/969b7f70c447513e92c9798f22e82b40ebc53bf0",
        "signature_type": "Function"
    }
]
source
"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2025-54351.json"