StarlingX

[Debian] High CVE: CVE-2023-38403 iperf3: integer overflow and heap corruption

Bug #2029210 reported by Yue Tao on 2023-08-01

260

This bug affects 2 people

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Wentao Zhang

iperf3 before 3.14 allows peers to cause an integer overflow and heap corruption via a crafted length field.

Base Score: High

References:

['iperf3_3.9-1_amd64.deb===>iperf3_3.9-1+deb11u1_amd64.deb', 'libiperf0_3.9-1_amd64.deb===>libiperf0_3.9-1+deb11u1_amd64.deb']

Tags:

Yue Tao (wrytao) on 2023-08-01

tags:

added: stx.9.0 stx.security
removed: stx.9

Wentao Zhang (wzhang4) on 2023-08-21

Changed in starlingx:
assignee:	nobody → Wentao Zhang (wzhang4)

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-08-22: Fix proposed to tools (master)

Changed in starlingx:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2023-09-04: Fix merged to tools (master)

commit 67004af13a4f3ec834f6d3a81647896d142b21a3
Author: Wentao Zhang <email address hidden>
Date: Sun Aug 20 20:03:22 2023 -0700

Debian: package : fix CVE-2023-38403

Upgrade iperf3 to 3.9-1+deb11u1
Upgrade libiperf0 to 3.9-1+deb11u1

    Test Plan:
    Pass: downloader
    Pass: build-pkgs --clean --all
    Pass: build-image
    Pass: boot

Closes-bug: #2029210

Signed-off-by: Wentao Zhang <email address hidden>
Change-Id: I2147dec036cb22b33633d8bd459439e97efcdf88

Changed in starlingx:
status:	In Progress → Fix Released

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Bug watches keep track of this bug in other bug trackers.