UbuntuUpdates.org

Package "libiperf0"

Name: libiperf0

Description:

Internet Protocol bandwidth measuring tool (runtime files)
Latest version: 3.9-1+deb11u1ubuntu0.1
Release: jammy (22.04)
Level: updates
Repository: universe
Head package: iperf3
Homepage: http://software.es.net/iperf/

Links

All versions of this package
Bug fixes

List of files in package
Repository home page

Download "libiperf0"

32-bit deb package
64-bit deb package
APT INSTALL

Other versions of "libiperf0" in Jammy

Repository Area Version
base universe 3.9-1build1
security universe 3.9-1+deb11u1ubuntu0.1

Changelog

Version: 3.9-1+deb11u1ubuntu0.1 2026-01-21 15:29:38 UTC

  iperf3 (3.9-1+deb11u1ubuntu0.1) jammy-security; urgency=medium

  * SECURITY UPDATE: missing timeout while reading input from network
    - debian/patches/CVE-2023-7250.patch: implements a timeout mechanism in
      Nread function located in src/net.c
    - CVE-2023-7250

  * SECURITY UPDATE: Information disclosure using time side channel
    - debian/patches/CVE-2024-26306.patch: use OAEP padding instead of
      PKCS1 padding for OpenSSL
    - CVE-2024-26306

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2024-53580.patch: add a variant of
      cJSON_GetObjectItem that does type-checking avoiding crash with
      malformed input
    - CVE-2024-53580

  * SECURITY UPDATE: Heap based buffer overflow
    - debian/patches/CVE-2025-54349.patch: fix off-by-one heap overflow
      in src/iperf_auth.c by allocating additional byte for null terminator
    - CVE-2025-54349

  * SECURITY UPDATE: Denial of service
    - debian/patches/CVE-2025-54350.patch: remove assertion that could
      cause crashes on malformed authentication attempts
    - CVE-2025-54350

 -- Shishir Subedi <email address hidden> Mon, 19 Jan 2026 20:01:49 +0545
Source diff to previous version
CVE-2023-7250 A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less tha
CVE-2024-26306 iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operation
CVE-2024-53580 iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.
CVE-2025-54349 In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resultant heap-based buffer overflow.
CVE-2025-54350 In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion failure and application exit upon a malformed authentication attempt.

Version: 3.9-1+deb11u1build0.22.04.1 2023-10-16 11:06:58 UTC

  iperf3 (3.9-1+deb11u1build0.22.04.1) jammy-security; urgency=medium

  * fake sync from Debian


About   -   Send Feedback to @ubuntu_updates