146 matches found
SoftEther VPN Security Vulnerability
SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN versions 4.41-9782-beta and 5.01.9674, which stems from an authentication bypass vulnerability in the CiRpcAccepted function, which can be...
SoftEther VPN Information Disclosure Vulnerability
SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. An information disclosure vulnerability exists in SoftEther VPN versions 4.41-9782-beta and 5.01.9674, which stems from an information disclosure vulnerability in the CtEnumCa function, which...
PT-2023-23695 · Unknown · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 4.41-9782-beta through 5.01.9674 Description: An information disclosure issue exists in the CtEnumCa functionality. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can se...
PT-2023-23924 · Unknown · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 4.41-9782-beta through 5.01.9674 Description: An authentication bypass issue exists in the CiRpcServerThread functionality. This allows an attacker to perform a local man-in-the-middle attack to trigger the issue...
SoftEther VPN Buffer Error Vulnerability
SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN versions 4.41-9782-beta, 5.01.9674, and 5.02, which stems from a denial-of-service vulnerability in the WpcParsePacket function, which can be...
PT-2023-23218
Name of the Vulnerable Software and Affected Versions SoftEther VPN version 5.01.9674 Description An information disclosure issue exists in the ClientConnect functionality. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a...
SoftEther VPN Security Vulnerability
SoftEther VPN is an open source, cross-platform, multi-protocol VPN Virtual Private Network application. A security vulnerability exists in SoftEther VPN versions 5.01.9674 and 5.02, which stems from a denial-of-service vulnerability in the DCRegister DDNSRPCMAXRECVSIZE function, which can be...
SoftEther VPN Information Disclosure Vulnerability
SoftEther VPN is an open source cross-platform multi-protocol VPN Virtual Private Network application. An information disclosure vulnerability exists in SoftEther VPN version 5.01.9674, which originates from an information disclosure vulnerability in the ClientConnect function, which can be...
SoftEther VPN CiRpcServerThread() MitM authentication bypass vulnerability
Talos Vulnerability Report TALOS-2023-1755 SoftEther VPN CiRpcServerThread MitM authentication bypass vulnerability October 12, 2023 CVE Number CVE-2023-32634 SUMMARY An authentication bypass vulnerability exists in the CiRpcServerThread functionality of SoftEther VPN 5.01.9674 and 4.41-9782-beta...
Guyana Governmental Entity Hit by DinodasRAT in Cyber Espionage Attack
A governmental entity in Guyana has been targeted as part of a cyber espionage campaign dubbed Operation Jacana. The activity, which was detected by ESET in February 2023, entailed a spear-phishing attack that led to the deployment of a hitherto undocumented implant written in C++ called...
The vulnerability of the Dynamic DNS (DDNS) function of the SoftEther VPN client allows a hacker to execute arbitrary code.
The vulnerability of the Dynamic DNS DDNS function in the SoftEther VPN client client involves the possibility of buffer overflow attacks. Exploiting this vulnerability allows a malicious actor to execute arbitrary code by performing a “man-in-the-middle” attack...
Flax Typhoon using legitimate software to quietly access Taiwanese organizations
Summary Microsoft has identified a nation-state activity group tracked as Flax Typhoon, based in China, that is targeting dozens of organizations in Taiwan with the likely intention of performing espionage. Flax Typhoon gains and maintains long-term access to Taiwanese organizations networks with...
Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
Overview SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...
JVN#64316789: Multiple vulnerabilities in SoftEther VPN and PacketiX VPN
SoftEther VPN provided by University of Tsukuba SoftEther VPN Project and PacketiX VPN provided by SoftEther Corporation contain multiple vulnerabilities listed below in VPN Client function, and Dynamic DNS Client function included in the VPN server. Heap-based buffer overflow CWE-122 -...
PT-2023-8738 · Softether · Softether Vpn
Name of the Vulnerable Software and Affected Versions: SoftEther VPN versions 4.41-9782-beta through 5.02 Description: A denial of service issue exists in the DCRegister functionality of SoftEther VPN, related to the DDNS RPC MAX RECV SIZE. This can be triggered by a specially crafted network...
OSV-2022-709 Heap-buffer-overflow in dissect_softether_host_fqdn
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=50105 Crash type: Heap-buffer-overflow READ 10 Crash state: dissectsoftetherhostfqdn ndpisearchsoftether checkndpidetectionfunc...
PT-2022-37182 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: A heap-buffer-overflow READ 10 crash occurred, involving the functions dissect softether host fqdn, ndpi search softether, and check ndpi detection func...
OSV-2022-691 Heap-buffer-overflow in dissect_softether_host_fqdn
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49901 Crash type: Heap-buffer-overflow READ 1 Crash state: dissectsoftetherhostfqdn ndpisearchsoftether checkndpidetectionfunc...
PT-2022-37172 · Git +1 · Ndpi
Name of the Vulnerable Software and Affected Versions: No specific software or versions are mentioned in the provided description. Description: The issue is related to a heap-buffer-overflow read, which was identified through an OSS-Fuzz report. The crash involves several functions, including...
OSV-2022-670 Heap-buffer-overflow in dissect_softether_ip_port
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=49736 Crash type: Heap-buffer-overflow READ 4 Crash state: dissectsoftetheripport ndpisearchsoftether checkndpidetectionfunc...