CVE-2023-22325

Summary

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN 4.41-9782-beta, 5.01.9674 and 5.02. A specially crafted network packet can lead to denial of service. An attacker can perform a man-in-the-middle attack to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
SoftEther VPNSoftEther VPN4.41-9782-betaaffected
SoftEther VPNSoftEther VPN5.01.9674affected
SoftEther VPNSoftEther VPN5.02affected

Weaknesses

  • CWE-835: CWE-835: Loop with Unreachable Exit Condition ('Infinite Loop')

ADP Enrichment

CVE Program Container

Additional References

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: poc
    • Automatable: no
    • Technical Impact: partial

References