Vulnerability Details: CVE-2023-7250
A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.
Vulnerability category: Denial of service
Exploit prediction scoring system (EPSS) score for CVE-2023-7250
0.05% (probability of exploitation activity in the next 30 days)
~16% (percentile, the proportion of vulnerabilities that are scored at or less)
CVSS scores for CVE-2023-7250
Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source | First Seen |
---|---|---|---|---|---|---|
5.3 | MEDIUM | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L | 3.9 | 1.4 | Red Hat, Inc. | 2024-03-18 |
CWE ids for CVE-2023-7250
-
The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses.
Assigned by: secalert@redhat.com (Primary)
References for CVE-2023-7250
-
https://access.redhat.com/errata/RHSA-2024:4241
RHSA-2024:4241 - Security Advisory - Red Hat Customer Portal
-
https://access.redhat.com/security/cve/CVE-2023-7250
CVE-2023-7250 - Red Hat Customer Portal
-
https://access.redhat.com/errata/RHSA-2024:9185
RHSA-2024:9185 - Security Advisory - Red Hat Customer Portal
-
https://bugzilla.redhat.com/show_bug.cgi?id=2244707
2244707 – (CVE-2023-7250, ESNET-SECADV-2023-0002) CVE-2023-7250 iperf3: possible denial of service