146 matches found
Denial of service
A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
Information disclosure
An information disclosure vulnerability exists in the ClientConnect functionality of SoftEther VPN 5.01.9674. A specially crafted network packet can lead to a disclosure of sensitive information. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-22325
A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...
CVE-2023-27395
CVE-2023-27395 is a heap-based buffer overflow in SoftEther VPN’s vpnserver WpcParsePacket() used by SoftEther VPN 4.41-9782-beta, 5.01.9674, and 5.02. A specially crafted network packet can trigger arbitrary code execution, with the attacker able to perform a man-in-the-middle attack to trigger ...
CVE-2023-22308
CVE-2023-22308 affects SoftEther VPN vpnserver OpenVPN support. Talos reports an integer underflow in OvsProcessData handling for TCP OpenVPN data, enabling a crafted TCP packet to crash the server (denial of service). OpenVPN traffic is identified by the first two bytes 0x00 0x0E in TCP mode; UD...
CVE-2023-22325
CVE-2023-22325 affects SoftEther VPN, specifically the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality. A specially crafted network packet can trigger a denial-of-service condition, with MITM usage noted in some descriptions. Affected versions include SoftEther VPN 4.41-9782-beta, 5.01.9674, and ...
CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this...
CVE-2023-22325
A denial of service vulnerability exists in the DCRegister DDNSRPCMAXRECVSIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability...
CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...
CVE-2023-25774
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...
CVE-2023-25774
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability...
CVE-2023-23581
CVE-2023-23581 is a SoftEther VPN vulnerability in the vpnserver EnSafeHttpHeaderValueStr function. Talos confirms denial-of-service via specially crafted network packets, affecting SoftEther VPN server versions 5.01.9674 and 5.02. The root cause is an out-of-bounds read triggered during HTTP hea...
CVE-2023-25774
CVE-2023-25774: Talos reports a denial-of-service in SoftEther VPN 5.01.9674 and 5.02 due to a vulnerability in vpnserver ConnectionAccept() that can exhaust resources by spawning many threads. Root cause appears to be synchronization/locking leading to long delays and eventual server crash under...
CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service...
CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability...
CVE-2023-27516
An authentication bypass vulnerability exists in the CiRpcAccepted functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. A specially crafted network packet can lead to unauthorized access. An attacker can send a network request to trigger this vulnerability...
CVE-2023-32275
An information disclosure vulnerability exists in the CtEnumCa functionality of SoftEther VPN 4.41-9782-beta and 5.01.9674. Specially crafted network packets can lead to a disclosure of sensitive information. An attacker can send packets to trigger this vulnerability...
CVE-2023-27516
CVE-2023-27516 affects SoftEther VPN 4.41-9782-beta and 5.01.9674, where a flaw in the CiRpcAccepted() function allows authentication bypass via a specially crafted network packet, enabling unauthorized access. The Red Hat, JVN, and other records corroborate the affected versions and the specific...
CVE-2023-32275
CVE-2023-32275 concerns SoftEther VPN and PacketiX VPN. The vulnerability lies in the CtEnumCa() function, affecting SoftEther VPN versions 4.41-9782-beta and 5.01.9674. By sending specially crafted network packets, an attacker can trigger information disclosure, exposing sensitive data. Several ...