13 matches found
CVE-2025-25565
SoftEther VPN 5.02.5187 is affected by CVE-2025-25565 due to a Buffer Overflow in the Command.c file, exploitable via the PtMakeCert and PtMakeCert2048 functions. Records consistently describe a buffer overflow in these functions; the supplier disputes the claim (the provider notes the behavior c...
CVE-2023-27395
CVE-2023-27395 is a heap-based buffer overflow in SoftEther VPN’s vpnserver WpcParsePacket() used by SoftEther VPN 4.41-9782-beta, 5.01.9674, and 5.02. A specially crafted network packet can trigger arbitrary code execution, with the attacker able to perform a man-in-the-middle attack to trigger ...
CVE-2025-25567
CVE-2025-25567 affects SoftEther VPN version 5.02.5187, where a Buffer Overflow occurs in Internat.c via the UniToStrForSingleChars function. The NVD/Red Hat/PTSecurity and vuln enrichment entries concur on the vulnerability class, with an extremely high CVSS3.1 base score (9.8) and impact to con...
CVE-2025-25568
SoftEtherVPN 5.02.5187 is affected by a Use-After-Free in the Command.c file via the CheckNetworkAcceptThread function. Public descriptions consistently attribute the issue to a use-after-free condition, with the supplier noting the issue may originate in a separate stress-testing tool rather tha...
CVE-2023-25774
CVE-2023-25774: Talos reports a denial-of-service in SoftEther VPN 5.01.9674 and 5.02 due to a vulnerability in vpnserver ConnectionAccept() that can exhaust resources by spawning many threads. Root cause appears to be synchronization/locking leading to long delays and eventual server crash under...
CVE-2023-32275
CVE-2023-32275 concerns SoftEther VPN and PacketiX VPN. The vulnerability lies in the CtEnumCa() function, affecting SoftEther VPN versions 4.41-9782-beta and 5.01.9674. By sending specially crafted network packets, an attacker can trigger information disclosure, exposing sensitive data. Several ...
CVE-2023-22325
CVE-2023-22325 affects SoftEther VPN, specifically the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality. A specially crafted network packet can trigger a denial-of-service condition, with MITM usage noted in some descriptions. Affected versions include SoftEther VPN 4.41-9782-beta, 5.01.9674, and ...
CVE-2025-25566
The CVE-2025-25566 vulnerability affects SoftEtherVPN 5.02.5187 and is caused by a memory leak in the UnixMemoryAlloc function, leading to potential denial of service. Multiple connected sources confirm the affected software/version and the underlying cause; exploitation status and in-the-wild de...
CVE-2023-31192
The CVE-2023-31192 entry concerns SoftEther VPN 5.01.9674. The vulnerability resides in the ClientConnect() function and is an information-disclosure issue triggered by specially crafted network packets, potentially enabling a man-in-the-middle to exfiltrate sensitive data. Affected component/fil...
CVE-2023-27516
CVE-2023-27516 affects SoftEther VPN 4.41-9782-beta and 5.01.9674, where a flaw in the CiRpcAccepted() function allows authentication bypass via a specially crafted network packet, enabling unauthorized access. The Red Hat, JVN, and other records corroborate the affected versions and the specific...
CVE-2023-32634
CVE-2023-32634 affects SoftEther VPN (CiRpcServerThread) and enables an authentication bypass that can be exploited by a local attacker to mount a man-in-the-middle and access/modify communications. Public listings consistently name SoftEther VPN versions 5.01.9674 and 4.41-9782-beta as affected,...
CVE-2023-23581
CVE-2023-23581 is a SoftEther VPN vulnerability in the vpnserver EnSafeHttpHeaderValueStr function. Talos confirms denial-of-service via specially crafted network packets, affecting SoftEther VPN server versions 5.01.9674 and 5.02. The root cause is an out-of-bounds read triggered during HTTP hea...
CVE-2023-22308
CVE-2023-22308 affects SoftEther VPN vpnserver OpenVPN support. Talos reports an integer underflow in OvsProcessData handling for TCP OpenVPN data, enabling a crafted TCP packet to crash the server (denial of service). OpenVPN traffic is identified by the first two bytes 0x00 0x0E in TCP mode; UD...