All errata/p9/ALT-PU-2025-16649-1
ALT-PU-2025-16649-1

Package update iperf3 in branch p9

Version3.18.1-alt1
Task#373340
Published2025-02-14
Max severityMEDIUM
Severity:

Closed issues (2)

BDU:2024-04484
MEDIUM5.9

Уязвимость компонента OpenSSL Handler инструмента измерения пропускной способности сети Iperf3, позволяющая нарушителю получить доступ к конфиденциальной информации

Published: 2024-06-13Modified: 2025-03-19
CVSS 3.xMEDIUM 5.9
CVSS:3.x/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.0MEDIUM 5.4
CVSS:2.0/AV:N/AC:H/Au:N/C:C/I:N/A:N
References
CVE-2024-26306
MEDIUM5.9

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Published: 2024-05-14Modified: 2025-11-03
CVSS 3.xMEDIUM 5.9
CVSS:3.x/CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:N/A:N
References