This vulnerability is marked as RESERVED by NVD. This means that the CVE-ID is reserved for future use by the CVE Numbering Authority (CNA) or a security researcher, but the details of it are not yet publicly available yet.
This page will reflect the classification results once they are available through NVD.
Any vendor information available is shown as below.
iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in “Everlasting ROBOT: the Marvin Attack” by Hubert Kario.
| Name | Vendor | Version |
|---|---|---|
| Iperf3 | Ubuntu/esm-apps/bionic | backporting risks regression |
| Iperf3 | Ubuntu/esm-apps/focal | 3.7-3ubuntu0.1~esm2 |
| Iperf3 | Ubuntu/esm-apps/noble | 3.16-1ubuntu0.1~esm1 |
| Iperf3 | Ubuntu/jammy | 3.9-1+deb11u1ubuntu0.1 |
| Iperf3 | Ubuntu/mantic | end of life, was needs-triage |
| Iperf3 | Ubuntu/noble | |
| Iperf3 | Ubuntu/plucky | end of life, was needs-triage |
| Iperf3 | Ubuntu/upstream | 3.17 |
| Iperf3 | Ubuntu/esm-apps/jammy | 3.9-1+deb11u1ubuntu0.1 |
| Iperf3 | Ubuntu/esm-apps/xenial | backporting risks regression |
| Iperf3 | Ubuntu/focal | end of standard support, was needs-triage |
| Iperf3 | Ubuntu/oracular | end of life, was needs-triage |