CVE-2025-54349
- Source
- https://cve.org/CVERecord?id=CVE-2025-54349
- Import Source
- https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54349.json
- JSON Data
- https://api.osv.dev/v1/vulns/CVE-2025-54349
- Downstream
- Related
- Published
- 2025-08-03T02:15:35.597Z
- Modified
- 2026-02-05T05:09:51.721519Z
- Severity
-
- 10.0 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H CVSS Calculator
- Summary
- [none]
- Details
-
In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
- References
Affected packages
Git / github.com/esnet/iperf
Affected versions
3.*
3.10
3.10.1
3.11
3.12
3.13
3.14
3.15
3.16
3.16-beta1
3.17.1
3.18
3.19
3.2
3.3
3.4
3.5
3.6
3.7
3.8
3.8.1
3.9
Database specific
vanir_signatures
[
{
"target": {
"file": "src/iperf_auth.c",
"function": "decode_auth_setting"
},
"id": "CVE-2025-54349-8664f98f",
"source": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf",
"digest": {
"length": 1000.0,
"function_hash": "300693105224932451677532296278498551568"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
},
{
"target": {
"file": "src/iperf_auth.c"
},
"id": "CVE-2025-54349-981bb842",
"source": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf",
"digest": {
"threshold": 0.9,
"line_hashes": [
"332950769409940220417913478201699367263",
"157654594138628077940856955559090258566",
"187919467100155823045499370726851029766",
"223957954894841644512003384738952265845",
"244863025665290351341425788860767073159",
"182356337828233385200068576339721579811",
"172092972991543735743784022545274176444",
"157350263339918688582622380972210430226",
"7658853751889115444961739189297949957",
"128056188801764755465746505650318453081",
"122824135669344003315807959737888602728",
"59835424638630236834535121583658999662",
"131858152481467350393832885703624622573",
"214595832873581031380961781472279800329",
"334311626713398414446147556671844708032",
"61281072910434423994397251809058144872",
"83881901096554422124775760247890540745",
"289660819725380629068733690392853546636",
"149514522086385706408858224228804393436",
"167335752591850030012116519120914220204",
"180711723875840719293449433867565733655",
"336028571209859735099334964642466895222",
"234815009044011912536270186383668413970",
"134978461556602773908475325875370945337",
"85806701692564220329299441384592685836",
"265949867682044519628881367999563373128",
"281436261027192419516187983502124907243",
"123994594537460707689189629375525618218",
"114852266697062498224339823270127953685",
"311035090074218207013726377369137090796",
"133343591057380661643236312629028045666",
"23378784483727679273808163315123410142",
"105496117750516856278692897036572143255",
"97999548720118992873557313522611298482",
"138294816604893211524549292444043695434",
"292929827189051731901814685836424162980",
"212332299326354530557071021814524408271",
"177278077689114789959836321934527262779",
"272326442987437352374696316265574946484",
"197657808266338532631532862931195505212",
"264970046376618134508664585022013982658",
"225098115318122086848987693750835607837"
]
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Line"
},
{
"target": {
"file": "src/iperf_auth.c",
"function": "decrypt_rsa_message"
},
"id": "CVE-2025-54349-d13e9630",
"source": "https://github.com/esnet/iperf/commit/4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf",
"digest": {
"length": 1253.0,
"function_hash": "131275195488931340578032671455593087395"
},
"signature_version": "v1",
"deprecated": false,
"signature_type": "Function"
}
]
source
"https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2025-54349.json"