CVE-2023-27395
https://notcve.org/view.php?id=CVE-2023-27395
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to arbitrary code execution. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1735
• https://www.softether.org/9-about/News/904-SEVPN202301
• CWE-122: Heap-based Buffer Overflow
• CWE-787: Out-of-bounds Write
CVE-2023-22325
https://notcve.org/view.php?id=CVE-2023-22325
A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1736
• https://www.softether.org/9-about/News/904-SEVPN202301
• CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')
CVE-2023-22308
https://notcve.org/view.php?id=CVE-2023-22308
An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1737
• CWE-191: Integer Underflow (Wrap or Wraparound)
CVE-2023-23581
https://notcve.org/view.php?id=CVE-2023-23581
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1741
• CWE-125: Out-of-bounds Read
CVE-2023-25774
https://notcve.org/view.php?id=CVE-2023-25774
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5.02. A set of specially crafted network connections can lead to denial of service. An attacker can send a sequence of malicious packets to trigger this vulnerability.
• https://talosintelligence.com/vulnerability_reports/TALOS-2023-1743
• CWE-400: Uncontrolled Resource Consumption