ELA-1318-1 iperf3 security update

denial of service

2025-02-11
Package iperf3
Version 3.9-1+deb8u1 (jessie), 3.9-1+deb9u1 (stretch), 3.9-1+deb10u1 (buster)
Related CVEs CVE-2023-7250 CVE-2024-26306 CVE-2024-53580


Several security vulnerabilities have been discovered in iperf3, an internet protocol bandwidth measuring tool, which may lead to a denial of service. When iperf3 was used as a server with RSA authentication, CVE-2024-26306 allowed a timing side-channel attack in RSA decryption operations sufficient for an attacker to recover credential plaintext.



For Debian 10 buster, these problems have been fixed in version 3.9-1+deb10u1.

For Debian 8 jessie, these problems have been fixed in version 3.9-1+deb8u1.

For Debian 9 stretch, these problems have been fixed in version 3.9-1+deb9u1.

We recommend that you upgrade your iperf3 packages.

Further information about Extended LTS security advisories can be found in the dedicated section of our website.