SB2026012156 - Ubuntu update for iperf3
Published: January 21, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 5 secuirty vulnerabilities.
1) Resource management error (CVE-ID: CVE-2023-7250)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to improper management of internal resources within the application. A remote malicious client can initiate the connection with the server sending it less data than expected and block the iperf server from servicing other clients.
2) Information Exposure Through Timing Discrepancy (CVE-ID: CVE-2024-26306)
The vulnerability allows a remote attacker to gain access to sensitive information.
The vulnerability exists due to a timing side channel in RSA decryption operations. A remote attacker can send a large number of messages for decryption and recover credentials.
3) Buffer overflow (CVE-ID: CVE-2024-53580)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a boundary error when handling JSON type data. A remote attacker can pass specially crafted input to the application and perform a denial of service (DoS) attack.
4) Off-by-one (CVE-ID: CVE-2025-54349)
The vulnerability allows a remote attacker to execute arbitrary code on the target system.
The vulnerability exists due to an off-by-one error in iperf_auth.c. A remote attacker can trigger an off-by-one error and execute arbitrary code on the target system.
Successful exploitation of this vulnerability may result in complete compromise of vulnerable system.
5) Reachable assertion (CVE-ID: CVE-2025-54350)
The vulnerability allows a remote attacker to perform a denial of service (DoS) attack.
The vulnerability exists due to a reachable assertion in iperf_auth.c. A remote attacker can perform a denial of service (DoS) attack.
Remediation
Install update from vendor's website.