rpms/iperf3
7
0
Fork 1
Code Issues Pull Requests Releases Activity

Resolves: RHEL-136175 - iperf Heap Buffer Overflow (CVE-2025-54349)

Browse Source
This commit is contained in:
Michal Ruprich 2026-01-23 10:29:48 +01:00
parent 88bee09197
commit 2106674a83
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

35
0008-cve-2025-54349.patch Normal file
View File

@ -0,0 +1,35 @@
diff --git a/src/iperf_auth.c b/src/iperf_auth.c
index a268bab..9dbe4d0 100644
--- a/src/iperf_auth.c
+++ b/src/iperf_auth.c
@@ -247,7 +248,8 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
keysize = RSA_size(rsa);
rsa_buffer = OPENSSL_malloc(keysize * 2);
- *plaintext = (unsigned char*)OPENSSL_malloc(keysize);
+ // Note: +1 for NULL
+ *plaintext = (unsigned char*)OPENSSL_malloc(keysize + 1);
BIO *bioBuff = BIO_new_mem_buf((void*)encryptedtext, encryptedtext_len);
rsa_buffer_len = BIO_read(bioBuff, rsa_buffer, keysize * 2);
@@ -263,7 +265,7 @@ int decrypt_rsa_message(const unsigned char *encryptedtext, const int encryptedt
OPENSSL_free(rsa_buffer);
OPENSSL_free(bioBuff);
- if (plaintext_len < 0) {
+ if (plaintext_len <= 0) {
plaintext_len = 0;
}
@@ -290,6 +292,11 @@ int decode_auth_setting(int enable_debug, char *authtoken, const char *private_k
unsigned char *plaintext = NULL;
int plaintext_len;
plaintext_len = decrypt_rsa_message(encrypted_b64, encrypted_len_b64, private_keyfile, &plaintext, use_pkcs1_padding);
+ free(encrypted_b64);
+ if (plaintext_len <= 0) {
+ return -1;
+ }
+
plaintext[plaintext_len] = '\0';
char s_username[20], s_password[20];

6
iperf3.spec
View File

@ -1,6 +1,6 @@
Name: iperf3
Version: 3.5
Release: 11%{?dist}
Release: 12%{?dist}
Summary: Measurement tool for TCP/UDP bandwidth performance
Group: Applications/Internet
@ -17,6 +17,7 @@ Patch0004: 0004-cve-2023-38403.patch
Patch0005: 0005-cve-2023-7250.patch
Patch0006: 0006-cve-2024-26306.patch
Patch0007: 0007-cve-2024-53580.patch
Patch0008: 0008-cve-2025-54349.patch
%description
Iperf is a tool to measure maximum TCP bandwidth, allowing the tuning of
@ -64,6 +65,9 @@ rm -f %{buildroot}%{_libdir}/libiperf.la
%{_libdir}/*.so
%changelog
* Fri Jan 23 2026 Michal Ruprich <mruprich@redhat.com> - 3.5-12
- Resolves: RHEL-136175 - iperf Heap Buffer Overflow (CVE-2025-54349)
* Wed Jan 08 2025 Michal Ruprich <mruprich@redhat.com> - 3.5-11
- Resolves: RHEL-72924 - Denial of Service in iperf Due to Improper JSON Handling