Fixed
Created: May 14, 2024
Updated: Jul 10, 2025
Resolved Date: Jul 10, 2025
Found In Version: 10.24.33.1
Severity: Standard
Applicable for: Wind River Linux LTS 24
Component/s: Userspace
BREAKING CHANGE: iperf3's authentication features, when used with OpenSSL prior to 3.2.0, contain a vulnerability to a side-channel timing attack. To address this flaw, a change has been made to the padding applied to encrypted strings. This change is not backwards compatible with older versions of iperf3 (before 3.17). To restore the older (vulnerable) behavior, and hence backwards-compatibility, use the --use-pkcs1-padding flag. The iperf3 team thanks Hubert Kario from RedHat for reporting this issue and providing feedback on the fix. (CVE-2024-26306)(PR#1695)
https://github.com/esnet/iperf/pull/1695/commits/299b356df6939f71619bf45bf7a7d2222e17d840
CREATE(Triage):(User=admin) CVE-2024-26306 (https://nvd.nist.gov/vuln/detail/CVE-2024-26306)
