Alerts This Week
Warning Icon 1 916
Alerts This Week
Warning Icon 1 916

SUSE: iperf Important Buffer Overflow and Auth Issues 2025:02749-1

suse
Calendar Grey August 11, 2025
Dist Suse Esm H88
SUSE rolls out a critical iperf security patch addressing buffer overflow vulnerabilities and authentication flaws, enhancing system protection.
* bsc#1247519 * bsc#1247520 * bsc#1247522 Cross-References:

Summary

## This update for iperf fixes the following issues: * update to 3.19.1: * CVE-2025-54351: Fixed buffer overflow in net.c (bsc#1247522) * CVE-2025-54350: Fixed Base64Decode assertion failure and application exit upon a malformed authentication attempt (bsc#1247520) * CVE-2025-54349: Fixed off-by-one error and resultant heap-based buffer overflow (bsc#1247519) * update to 3.19: * iperf3 now supports the use of Multi-Path TCP (MPTCPv1) on Linux with the use of the `-m` or `--mptcp` flag. (PR #1661) * iperf3 now supports a `--cntl-ka` option to enable TCP keepalives on the control connection. (#812, #835, PR #1423) * iperf3 now supports the `MSG_TRUNC` receive option, specified by the `--skip-rx-copy`. This theoretically improves the rated throughput of tests

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important authentication issue iperf

References

* bsc#1247519

* bsc#1247520

* bsc#1247522

Cross-

* CVE-2025-54349

* CVE-2025-54350

* CVE-2025-54351

CVSS scores:

* CVE-2025-54349 ( SUSE ): 5.0 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:L/I:L/A:L

* CVE-2025-54349 ( NVD ): 6.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:L/I:L/A:L

* CVE-2025-54349 ( NVD ): 10.0 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

* CVE-2025-54350 ( SUSE ): 5.3 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:H

* CVE-2025-54350 ( NVD ): 3.7 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-54350 ( NVD ): 5.3 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L

* CVE-2025-54351 ( SUSE ): 7.5 CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H

* CVE-2025-54351 ( NVD ): 8.9 CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:L

Severity
important
Lowest
Low
Medium
High
Critical

Announcement ID: SUSE-SU-2025:02749-1
Release Date: 2025-08-11T07:06:51Z
Rating: important

Topics%20covered

Topics Covered

security advisory buffer overflow SuSE important authentication issue iperf

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Your message here