{"document":{"aggregate_severity":{"namespace":"https://www.suse.com/support/security/rating/","text":"low"},"category":"csaf_vex","csaf_version":"2.0","distribution":{"text":"Copyright 2024 SUSE LLC. All rights reserved.","tlp":{"label":"WHITE","url":"https://www.first.org/tlp/"}},"lang":"en","notes":[{"category":"summary","text":"SUSE CVE-2023-7250","title":"Title"},{"category":"description","text":"A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.","title":"Description of the CVE"},{"category":"legal_disclaimer","text":"CSAF 2.0 data is provided by SUSE under the Creative Commons License 4.0 with Attribution (CC-BY-4.0).","title":"Terms of use"}],"publisher":{"category":"vendor","contact_details":"https://www.suse.com/support/security/contact/","name":"SUSE Product Security Team","namespace":"https://www.suse.com/"},"references":[{"category":"external","summary":"CVE-2023-7250","url":"https://www.suse.com/security/cve/CVE-2023-7250"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1221555 for CVE-2023-7250","url":"https://bugzilla.suse.com/1221555"},{"category":"external","summary":"Advisory link for RHSA-2024:9185","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-November/000593.html"}],"title":"SUSE CVE CVE-2023-7250","tracking":{"current_release_date":"2025-03-15T06:32:35Z","generator":{"date":"2024-03-19T03:41:17Z","engine":{"name":"cve-database.git:bin/generate-csaf-vex.pl","version":"1"}},"id":"CVE-2023-7250","initial_release_date":"2024-03-19T03:41:17Z","revision_history":[{"date":"2024-03-19T03:41:17Z","number":"2","summary":"Current version"},{"date":"2024-07-17T04:12:29Z","number":"3","summary":"Current version"},{"date":"2024-11-23T00:45:55Z","number":"4","summary":"Current version"},{"date":"2025-01-01T02:19:41Z","number":"5","summary":"Current version"},{"date":"2025-02-14T06:44:07Z","number":"6","summary":"Current version"},{"date":"2025-02-16T06:36:42Z","number":"7","summary":"Current version"},{"date":"2025-03-15T06:32:35Z","number":"8","summary":"Current version"}],"status":"interim","version":"8"}},"product_tree":{"branches":[{"branches":[{"branches":[{"category":"product_name","name":"SUSE Liberty Linux 8","product":{"name":"SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8","product_identification_helper":{"cpe":"cpe:/o:suse:sll:8"}}},{"category":"product_name","name":"SUSE Liberty Linux 9","product":{"name":"SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9","product_identification_helper":{"cpe":"cpe:/o:suse:sll:9"}}},{"category":"product_version","name":"iperf3-3.5-10.el8_10","product":{"name":"iperf3-3.5-10.el8_10","product_id":"iperf3-3.5-10.el8_10","product_identification_helper":{"purl":"pkg:rpm/suse/iperf3@3.5-10.el8_10"}}},{"category":"product_version","name":"iperf3-3.9-13.el9","product":{"name":"iperf3-3.9-13.el9","product_id":"iperf3-3.9-13.el9","product_identification_helper":{"purl":"pkg:rpm/suse/iperf3@3.9-13.el9"}}}],"category":"product_family","name":"SUSE Linux Enterprise"}],"category":"vendor","name":"SUSE"}],"relationships":[{"category":"default_component_of","full_product_name":{"name":"iperf3-3.5-10.el8_10 as component of SUSE Liberty Linux 8","product_id":"SUSE Liberty Linux 8:iperf3-3.5-10.el8_10"},"product_reference":"iperf3-3.5-10.el8_10","relates_to_product_reference":"SUSE Liberty Linux 8"},{"category":"default_component_of","full_product_name":{"name":"iperf3-3.9-13.el9 as component of SUSE Liberty Linux 9","product_id":"SUSE Liberty Linux 9:iperf3-3.9-13.el9"},"product_reference":"iperf3-3.9-13.el9","relates_to_product_reference":"SUSE Liberty Linux 9"}]},"vulnerabilities":[{"cve":"CVE-2023-7250","ids":[{"system_name":"SUSE CVE Page","text":"https://www.suse.com/security/cve/CVE-2023-7250"}],"notes":[{"category":"general","text":"A flaw was found in iperf, a utility for testing network performance using TCP, UDP, and SCTP. A malicious or malfunctioning client can send less than the expected amount of data to the iperf server, which can cause the server to hang indefinitely waiting for the remainder or until the connection gets closed. This will prevent other connections to the server, leading to a denial of service.","title":"CVE description"}],"product_status":{"recommended":["SUSE Liberty Linux 8:iperf3-3.5-10.el8_10","SUSE Liberty Linux 9:iperf3-3.9-13.el9"]},"references":[{"category":"external","summary":"CVE-2023-7250","url":"https://www.suse.com/security/cve/CVE-2023-7250"},{"category":"external","summary":"SUSE Security Ratings","url":"https://www.suse.com/support/security/rating/"},{"category":"external","summary":"SUSE Bug 1221555 for CVE-2023-7250","url":"https://bugzilla.suse.com/1221555"},{"category":"external","summary":"Advisory link for RHSA-2024:9185","url":"https://lists.suse.com/pipermail/suse-liberty-linux-updates/2024-November/000593.html"}],"remediations":[{"category":"vendor_fix","details":"To install this SUSE Security Update use the SUSE recommended installation methods like YaST online_update or \"zypper patch\".\n","product_ids":["SUSE Liberty Linux 8:iperf3-3.5-10.el8_10","SUSE Liberty Linux 9:iperf3-3.9-13.el9"]}],"scores":[{"cvss_v3":{"baseScore":3.1,"baseSeverity":"LOW","vectorString":"CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:N/I:N/A:L","version":"3.1"},"products":["SUSE Liberty Linux 8:iperf3-3.5-10.el8_10","SUSE Liberty Linux 9:iperf3-3.9-13.el9"]}],"threats":[{"category":"impact","date":"2024-03-15T16:01:06Z","details":"low"}],"title":"CVE-2023-7250"}]}