#RedHat has declined to address #CVE202338403 (iperf3 integer overflow and heap corruption) in #RHEL for which an upstream patch has already been submitted.
"We commit to addressing Red Hat defined Critical and Important security issues. Security vulnerabilities with Low or Moderate severity will be addressed on demand when customer or other business requirements exist to do so." is a response indicative of corporate #Linux #enshittification.
https://gitlab.com/redhat/centos-stream/rpms/iperf3/-/merge_requests/5#note_1476867836
NIST hasn't yet scored it, but Debian calls it "serious". https://nvd.nist.gov/vuln/detail/CVE-2023-38403