CVE-2023-7250 — MEDIUM (5.3)

Q: How severe is CVE-2023-7250?

CVE-2023-7250 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2023-7250?

Check the references section above for vendor advisories and patch information. Affected products include: Es Iperf3, Redhat Enterprise Linux, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Little Endian.

Vulnerability Description

A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.

CVSS Score

5.3

MEDIUM

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

NONE

Integrity

NONE

Availability

LOW

Affected Products

Vendor	Product	Versions
Es	Iperf3	< 3.15
Redhat	Enterprise Linux	8.0
Redhat	Enterprise Linux For Arm 64	8.0_aarch64
Redhat	Enterprise Linux For Ibm Z Systems	8.0_s390x
Redhat	Enterprise Linux For Power Little Endian	8.0_ppc64le

Related Weaknesses (CWE)

CWE-183

References

https://access.redhat.com/errata/RHSA-2024:4241Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:9185Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-7250Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244707Issue TrackingThird Party Advisory
https://access.redhat.com/errata/RHSA-2024:4241Third Party Advisory
https://access.redhat.com/security/cve/CVE-2023-7250Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2244707Issue TrackingThird Party Advisory
https://lists.debian.org/debian-lts-announce/2025/01/msg00027.html

FAQ

What is CVE-2023-7250?

CVE-2023-7250 is a vulnerability with a CVSS score of 5.3 (MEDIUM). A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, ...

How severe is CVE-2023-7250?

CVE-2023-7250 has been rated MEDIUM with a CVSS base score of 5.3/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2023-7250?

Check the references section above for vendor advisories and patch information. Affected products include: Es Iperf3, Redhat Enterprise Linux, Redhat Enterprise Linux For Arm 64, Redhat Enterprise Linux For Ibm Z Systems, Redhat Enterprise Linux For Power Little Endian.