Lucene search
K

13 matches found

CVE
CVE
added 2025/03/12 12:0 a.m.83 views

CVE-2025-25565

SoftEther VPN 5.02.5187 is affected by CVE-2025-25565 due to a Buffer Overflow in the Command.c file, exploitable via the PtMakeCert and PtMakeCert2048 functions. Records consistently describe a buffer overflow in these functions; the supplier disputes the claim (the provider notes the behavior c...

9.8CVSS6.5AI score0.00582EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.82 views

CVE-2023-27395

CVE-2023-27395 is a heap-based buffer overflow in SoftEther VPN’s vpnserver WpcParsePacket() used by SoftEther VPN 4.41-9782-beta, 5.01.9674, and 5.02. A specially crafted network packet can trigger arbitrary code execution, with the attacker able to perform a man-in-the-middle attack to trigger ...

9CVSS8.3AI score0.01543EPSS
CVE
CVE
added 2025/03/12 12:0 a.m.74 views

CVE-2025-25567

CVE-2025-25567 affects SoftEther VPN version 5.02.5187, where a Buffer Overflow occurs in Internat.c via the UniToStrForSingleChars function. The NVD/Red Hat/PTSecurity and vuln enrichment entries concur on the vulnerability class, with an extremely high CVSS3.1 base score (9.8) and impact to con...

9.8CVSS6.2AI score0.00553EPSS
CVE
CVE
added 2025/03/12 12:0 a.m.73 views

CVE-2025-25568

SoftEtherVPN 5.02.5187 is affected by a Use-After-Free in the Command.c file via the CheckNetworkAcceptThread function. Public descriptions consistently attribute the issue to a use-after-free condition, with the supplier noting the issue may originate in a separate stress-testing tool rather tha...

9.8CVSS6.7AI score0.00543EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.68 views

CVE-2023-25774

CVE-2023-25774: Talos reports a denial-of-service in SoftEther VPN 5.01.9674 and 5.02 due to a vulnerability in vpnserver ConnectionAccept() that can exhaust resources by spawning many threads. Root cause appears to be synchronization/locking leading to long delays and eventual server crash under...

7.5CVSS7.5AI score0.00728EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.68 views

CVE-2023-32275

CVE-2023-32275 concerns SoftEther VPN and PacketiX VPN. The vulnerability lies in the CtEnumCa() function, affecting SoftEther VPN versions 4.41-9782-beta and 5.01.9674. By sending specially crafted network packets, an attacker can trigger information disclosure, exposing sensitive data. Several ...

5.5CVSS5.1AI score0.00392EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.67 views

CVE-2023-22325

CVE-2023-22325 affects SoftEther VPN, specifically the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality. A specially crafted network packet can trigger a denial-of-service condition, with MITM usage noted in some descriptions. Affected versions include SoftEther VPN 4.41-9782-beta, 5.01.9674, and ...

5.9CVSS6.1AI score0.00957EPSS
CVE
CVE
added 2025/03/12 12:0 a.m.66 views

CVE-2025-25566

The CVE-2025-25566 vulnerability affects SoftEtherVPN 5.02.5187 and is caused by a memory leak in the UnixMemoryAlloc function, leading to potential denial of service. Multiple connected sources confirm the affected software/version and the underlying cause; exploitation status and in-the-wild de...

5.6CVSS6.3AI score0.00292EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.65 views

CVE-2023-31192

The CVE-2023-31192 entry concerns SoftEther VPN 5.01.9674. The vulnerability resides in the ClientConnect() function and is an information-disclosure issue triggered by specially crafted network packets, potentially enabling a man-in-the-middle to exfiltrate sensitive data. Affected component/fil...

5.3CVSS5.5AI score0.00976EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.64 views

CVE-2023-27516

CVE-2023-27516 affects SoftEther VPN 4.41-9782-beta and 5.01.9674, where a flaw in the CiRpcAccepted() function allows authentication bypass via a specially crafted network packet, enabling unauthorized access. The Red Hat, JVN, and other records corroborate the affected versions and the specific...

7.8CVSS7.8AI score0.0053EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.48 views

CVE-2023-32634

CVE-2023-32634 affects SoftEther VPN (CiRpcServerThread) and enables an authentication bypass that can be exploited by a local attacker to mount a man-in-the-middle and access/modify communications. Public listings consistently name SoftEther VPN versions 5.01.9674 and 4.41-9782-beta as affected,...

7.8CVSS7.5AI score0.00426EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.46 views

CVE-2023-23581

CVE-2023-23581 is a SoftEther VPN vulnerability in the vpnserver EnSafeHttpHeaderValueStr function. Talos confirms denial-of-service via specially crafted network packets, affecting SoftEther VPN server versions 5.01.9674 and 5.02. The root cause is an out-of-bounds read triggered during HTTP hea...

7.5CVSS7.5AI score0.00834EPSS
CVE
CVE
added 2023/10/12 3:27 p.m.44 views

CVE-2023-22308

CVE-2023-22308 affects SoftEther VPN vpnserver OpenVPN support. Talos reports an integer underflow in OvsProcessData handling for TCP OpenVPN data, enabling a crafted TCP packet to crash the server (denial of service). OpenVPN traffic is identified by the first two bytes 0x00 0x0E in TCP mode; UD...

7.5CVSS7.5AI score0.00728EPSS