CVE-2023-7250

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

CVSS v3 5.3 MEDIUM

5.3^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 3.9 / Impact : 1.4

Attack Vector NETWORK

Attack Complexity LOW

Privileges Required NONE

User Interaction NONE

Confidentiality Impact NONE

Integrity Impact NONE

Availability Impact LOW

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2024:4241	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9185	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-7250	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244707	Issue Tracking Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:4241	Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-7250	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244707	Issue Tracking Third Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html

Configurations

Configuration 1 (hide)

cpe:2.3:a:es:iperf3:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*

History

03 Nov 2025, 21:16

Type	Values Removed	Values Added
References		() https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html -

Information

Published : 2024-03-18 13:15

Updated : 2025-11-03 21:16

NVD link : CVE-2023-7250

Mitre link : CVE-2023-7250

CVE.ORG link : CVE-2023-7250

JSON object : View

Products Affected

redhat

enterprise_linux
enterprise_linux_for_power_little_endian
enterprise_linux_for_arm_64
enterprise_linux_for_ibm_z_systems

es

iperf3

CWE

CWE-183

Permissive List of Allowed Inputs

{"id": "CVE-2023-7250", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "LOW", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}, "impactScore": 1.4, "exploitabilityScore": 3.9}]}, "published": "2024-03-18T13:15:06.910", "references": [{"url": "https://access.redhat.com/errata/RHSA-2024:4241", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2024:9185", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-7250", "tags": ["Third Party Advisory"], "source": "[email protected]"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "[email protected]"}, {"url": "https://access.redhat.com/errata/RHSA-2024:4241", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://access.redhat.com/security/cve/CVE-2023-7250", "tags": ["Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://bugzilla.redhat.com/show_bug.cgi?id=2244707", "tags": ["Issue Tracking", "Third Party Advisory"], "source": "af854a3a-2127-422b-91ae-364da2661108"}, {"url": "https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html", "source": "af854a3a-2127-422b-91ae-364da2661108"}], "vulnStatus": "Modified", "weaknesses": [{"type": "Secondary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-183"}]}], "descriptions": [{"lang": "en", "value": "A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service."}, {"lang": "es", "value": "Se encontr\u00f3 una falla en iperf, una utilidad para probar el rendimiento de la red mediante TCP, UDP y SCTP. Un cliente malicioso o que no funciona correctamente puede enviar menos cantidad de datos de la esperada al servidor iperf, lo que puede hacer que el servidor se cuelgue indefinidamente esperando el resto o hasta que se cierre la conexi\u00f3n. Esto evitar\u00e1 otras conexiones al servidor, lo que provocar\u00e1 una denegaci\u00f3n de servicio."}], "lastModified": "2025-11-03T21:16:03.827", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:es:iperf3:*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "960228C7-0351-4815-8EC0-6D612D65C040", "versionEndExcluding": "3.15"}], "operator": "OR"}]}, {"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:o:redhat:enterprise_linux:8.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "F4CFF558-3C47-480D-A2F0-BABF26042943"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux:9.0:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "7F6FB57C-2BC7-487C-96DD-132683AEB35D"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "5A47EF78-A5B6-4B89-8B74-EEB0647C549F"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0_aarch64:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "2F7DAD7C-9369-4A87-A1D0-4208D3AF0CDC"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "32AF225E-94C0-4D07-900C-DD868C05F554"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "FB056B47-1F45-4CE4-81F6-872F66C24C29"}, {"criteria": "cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "23D471AC-7DCA-4425-AD91-E5D928753A8C"}], "operator": "OR"}]}], "sourceIdentifier": "[email protected]"}