CVE-2024-26306

Published: May 13, 2024

Modified: Nov 3, 2025

PUBLISHED

Description

iPerf3 before 3.17, when used with OpenSSL before 3.2.0 as a server with RSA authentication, allows a timing side channel in RSA decryption operations. This side channel could be sufficient for an attacker to recover credential plaintext. It requires the attacker to send a large number of messages for decryption, as described in "Everlasting ROBOT: the Marvin Attack" by Hubert Kario.

Vendor	Product	Versions
n/a	n/a	affected `n/a`

References

https://github.com/esnet/iperf/releases/tag/3.17

https://downloads.es.net/pub/iperf/esnet-secadv-2024-0001.txt.asc

https://www.insyde.com/security-pledge/SA-2024005

Security Training

Train your team to recognize and prevent security threats with our comprehensive security awareness program.

Start Training

Vulnerability Scanning

Discover vulnerabilities in your applications and infrastructure before attackers do.

Scan Now

CVE-2024-26306

Description

Affected Products

References