
Cloud Vulnerability DB
A community-led vulnerabilities database
CVE-2025-54349 is a heap-based buffer overflow in iperf before version 3.19.1, caused by an off-by-one error in the iperf_auth.c file. The issue was discovered and reported by Han Lee from Apple Information Security (GitHub Release, NVD).
NIST has assigned the vulnerability a CVSS v3.1 base score of 10.0 (CRITICAL), with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H. The off-by-one error in iperf_auth.c is related to the authentication mechanism. The vulnerability is tracked as CWE-193 (Off-by-one Error) (NVD).
The heap-based buffer overflow could lead to system compromise when SSL authentication is enabled. The vulnerability affects multiple versions of iperf3 across various distributions, including Debian's bullseye, bookworm, and trixie releases (Debian Tracker).
The vulnerability has been fixed in iperf version 3.19.1. The fix was implemented through commit 4e5313bab0b9b3fe03513ab54f722c8a3e4b7bdf in the master branch and commit 42280d2292ed5f213bfcb33b2206ebcdb151ae66 for version 3.19.1. Users are advised to upgrade to version 3.19.1 or later to mitigate this vulnerability (GitHub Commit, GitHub Release).
Source: This report was generated using AI
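One way to check a host against the fixed release, as an added example that is not from the iperf project or from this report. It assumes the first line of `iperf3 --version` has the form `iperf <version> (...)`, and it compares upstream version numbers only, so a distribution package with a backported fix (see the Debian Tracker) can still be reported as affected.

```shell
#!/bin/sh
# Added example: flag iperf3 builds older than the fixed release named above.
# Assumption: the banner's first line looks like "iperf 3.16 (cJSON 1.7.15)".
FIXED="3.19.1"

# Extract the upstream version from the first line of the banner text.
iperf_version_from_banner() {
    printf '%s\n' "$1" | sed -n '1s/^iperf \([0-9][0-9.]*\).*/\1/p'
}

# Return 0 if version $1 >= version $2. Fields are compared numerically,
# so 3.9 sorts below 3.19.1 (a plain string comparison gets this wrong).
version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        for (i = 1; i <= 3; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "fixed", "affected" or "unknown" for a given banner.
# "affected" means the upstream version predates 3.19.1; it does not
# account for distribution backports of the fix.
iperf_status() {
    v=$(iperf_version_from_banner "$1")
    if [ -z "$v" ]; then echo "unknown"; return 0; fi
    if version_ge "$v" "$FIXED"; then echo "fixed"; else echo "affected"; fi
}

# Check the locally installed binary when one is present.
if command -v iperf3 >/dev/null 2>&1; then
    echo "iperf3: $(iperf_status "$(iperf3 --version 2>/dev/null)")"
fi
```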