| Release | Version |
|---|---|
| bullseye | 3.9-1+deb11u1 |
| bullseye (security) | 3.9-1+deb11u3 |
| bookworm | 3.12-1+deb12u2 |
| bookworm (security) | 3.12-1+deb12u1 |
| trixie | 3.18-2+deb13u1 |
| forky | 3.19.1-1 |
| sid | 3.19.1-1 |
| Bug | bullseye | bookworm | trixie | forky | sid | Description |
|---|---|---|---|---|---|---|
| CVE-2024-53580 | fixed | vulnerable (no DSA) | fixed | fixed | fixed | iperf v3.17.1 was discovered to contain a segmentation violation via t ... |
| CVE-2024-26306 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server wi ... |
| CVE-2023-7250 | fixed | vulnerable (no DSA, ignored) | fixed | fixed | fixed | A flaw was found in iperf, a utility for testing network performance u ... |
| Bug | Description |
|---|---|
| CVE-2025-54351 | In iperf before 3.19.1, net.c has a buffer overflow when --skip-rx-cop ... |
| CVE-2025-54350 | In iperf before 3.19.1, iperf_auth.c has a Base64Decode assertion fail ... |
| CVE-2025-54349 | In iperf before 3.19.1, iperf_auth.c has an off-by-one error and resul ... |
| CVE-2023-38403 | iperf3 before 3.14 allows peers to cause an integer overflow and heap ... |
| CVE-2016-4303 | The parse_string function in cjson.c in the cJSON library mishandles U ... |
| DSA / DLA | Description |
|---|---|
| DLA-4281-1 | iperf3 - security update |
| DLA-4032-1 | iperf3 - security update |
| DLA-3506-1 | iperf3 - security update |
| DSA-5455-1 | iperf3 - security update |
| DLA-2080-1 | iperf3 - security update |