{"dataType": "CVE_RECORD", "cveMetadata": {"state": "PUBLISHED", "cveId": "CVE-2024-53580", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "dateUpdated": "2024-12-31T19:28:26.263Z", "dateReserved": "2024-11-20T00:00:00", "datePublished": "2024-12-18T00:00:00"}, "containers": {"cna": {"providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-12-18T22:26:01.713160"}, "descriptions": [{"lang": "en", "value": "iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function."}], "affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"version": "n/a", "status": "affected"}]}], "references": [{"url": "https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3"}, {"url": "https://github.com/esnet/iperf/releases/tag/3.18"}], "problemTypes": [{"descriptions": [{"type": "text", "lang": "en", "description": "n/a"}]}]}, "adp": [{"problemTypes": [{"descriptions": [{"type": "CWE", "cweId": "CWE-476", "lang": "en", "description": "CWE-476 NULL Pointer Dereference"}]}], "references": [{"url": "https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2024-12-31T19:27:09.932089Z", "id": "CVE-2024-53580", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-31T19:28:26.263Z"}}]}, "dataVersion": "5.1"}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2024-53580", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2024-12-31T19:27:09.932089Z"}}}], "references": [{"url": "https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3", "tags": ["exploit"]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-476", "description": "CWE-476 NULL Pointer Dereference"}]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2024-12-31T19:28:18.550Z"}}], "cna": {"affected": [{"vendor": "n/a", "product": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "references": [{"url": "https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3"}, {"url": "https://github.com/esnet/iperf/releases/tag/3.18"}], "descriptions": [{"lang": "en", "value": "iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "text", "description": "n/a"}]}], "providerMetadata": {"orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre", "dateUpdated": "2024-12-18T22:26:01.713160"}}}, "cveMetadata": {"cveId": "CVE-2024-53580", "state": "PUBLISHED", "dateUpdated": "2024-12-31T19:28:26.263Z", "dateReserved": "2024-11-20T00:00:00", "assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "datePublished": "2024-12-18T00:00:00", "assignerShortName": "mitre"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function."}, {"lang": "es", "value": "Se descubri\u00f3 que iperf v3.17.1 conten\u00eda una violaci\u00f3n de segmentaci\u00f3n a trav\u00e9s de la funci\u00f3n iperf_exchange_parameters()."}], "id": "CVE-2024-53580", "lastModified": "2024-12-31T20:16:06.953", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2024-12-18T23:15:17.010", "references": [{"source": "cve@mitre.org", "url": "https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3"}, {"source": "cve@mitre.org", "url": "https://github.com/esnet/iperf/releases/tag/3.18"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Awaiting Analysis", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-476"}], "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}

{"affected_release": [{"advisory": "RHSA-2025:0402", "cpe": "cpe:/o:redhat:rhel_els:7", "package": "iperf3-0:3.1.7-3.el7_9.1", "product_name": "Red Hat Enterprise Linux 7 Extended Lifecycle Support", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0168", "cpe": "cpe:/a:redhat:enterprise_linux:8", "package": "iperf3-0:3.5-11.el8_10", "product_name": "Red Hat Enterprise Linux 8", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0403", "cpe": "cpe:/a:redhat:rhel_aus:8.2", "package": "iperf3-0:3.5-4.el8_2.1", "product_name": "Red Hat Enterprise Linux 8.2 Advanced Update Support", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0548", "cpe": "cpe:/a:redhat:rhel_aus:8.4", "package": "iperf3-0:3.5-7.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support", "release_date": "2025-01-21T00:00:00Z"}, {"advisory": "RHSA-2025:0548", "cpe": "cpe:/a:redhat:rhel_tus:8.4", "package": "iperf3-0:3.5-7.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Telecommunications Update Service", "release_date": "2025-01-21T00:00:00Z"}, {"advisory": "RHSA-2025:0548", "cpe": "cpe:/a:redhat:rhel_e4s:8.4", "package": "iperf3-0:3.5-7.el8_4.1", "product_name": "Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions", "release_date": "2025-01-21T00:00:00Z"}, {"advisory": "RHSA-2025:0346", "cpe": "cpe:/a:redhat:rhel_aus:8.6", "package": "iperf3-0:3.5-7.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Advanced Mission Critical Update Support", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0346", "cpe": "cpe:/a:redhat:rhel_tus:8.6", "package": "iperf3-0:3.5-7.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Telecommunications Update Service", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0346", "cpe": "cpe:/a:redhat:rhel_e4s:8.6", "package": "iperf3-0:3.5-7.el8_6.1", "product_name": "Red Hat Enterprise Linux 8.6 Update Services for SAP Solutions", "release_date": "2025-01-15T00:00:00Z"}, {"advisory": "RHSA-2025:0404", "cpe": "cpe:/a:redhat:rhel_eus:8.8", "package": "iperf3-0:3.5-7.el8_8.1", "product_name": "Red Hat Enterprise Linux 8.8 Extended Update Support", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0161", "cpe": "cpe:/a:redhat:enterprise_linux:9", "package": "iperf3-0:3.9-13.el9_5.1", "product_name": "Red Hat Enterprise Linux 9", "release_date": "2025-01-09T00:00:00Z"}, {"advisory": "RHSA-2025:0570", "cpe": "cpe:/a:redhat:rhel_e4s:9.0", "package": "iperf3-0:3.9-10.el9_0.1", "product_name": "Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions", "release_date": "2025-01-21T00:00:00Z"}, {"advisory": "RHSA-2025:0440", "cpe": "cpe:/a:redhat:rhel_eus:9.2", "package": "iperf3-0:3.9-10.el9_2.1", "product_name": "Red Hat Enterprise Linux 9.2 Extended Update Support", "release_date": "2025-01-20T00:00:00Z"}, {"advisory": "RHSA-2025:0505", "cpe": "cpe:/a:redhat:rhel_eus:9.4", "package": "iperf3-0:3.9-11.el9_4.1", "product_name": "Red Hat Enterprise Linux 9.4 Extended Update Support", "release_date": "2025-01-21T00:00:00Z"}], "bugzilla": {"description": "iperf: Denial of Service in iperf Due to Improper JSON Handling", "id": "2333146", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=2333146"}, "csaw": false, "cvss3": {"cvss3_base_score": "7.5", "cvss3_scoring_vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H", "status": "verified"}, "cwe": "CWE-476", "details": ["iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function.", "A flaw was found in iperf. This vulnerability allows a Denial of Service (DoS) via the injection of malformed JSON data, which can result in a segmentation fault when a NULL pointer is passed to strdup()."], "mitigation": {"lang": "en:us", "value": "Mitigation for this issue is either not available or the currently available options do not meet the Red Hat Product Security criteria comprising ease of use and deployment, applicability to widespread installation base or stability."}, "name": "CVE-2024-53580", "public_date": "2024-12-18T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2024-53580\nhttps://nvd.nist.gov/vuln/detail/CVE-2024-53580\nhttps://gist.github.com/neolead/663badf2ebefefa6fe4303695e7aa7a3\nhttps://github.com/esnet/iperf/releases/tag/3.18"], "statement": "This vulnerability marked as important severity rather than moderate due to its potential to cause a complete denial of service (DoS) by exploiting a segmentation fault through malformed JSON data. The flaw stems from improper input validation, which allows attackers to crash the server by sending invalid data that triggers memory mismanagement. Since iperf is widely used in performance testing of network systems, a DoS attack could disrupt critical operations in production environments, leading to service outages or performance degradation in large-scale networks.", "threat_severity": "Important"}