Primary

Context

SoftEther VPN Memory Leak Vulnerability Leading to Denial-of-Service

Vulnerability

A memory leak vulnerability has been identified in SoftEther VPN version 5.02.5187. This vulnerability allows an attacker to cause a denial-of-service condition by exploiting the UnixMemoryAlloc function. The issue arises because the function allocates 576 bytes of memory without a corresponding deallocation, leading to a direct memory leak.

Impact

Exploitation of this vulnerability causes a memory leak, where allocated memory is not properly released, potentially leading to increased memory usage and a denial-of-service condition.

Reproduction

To reproduce this vulnerability, use the vpncmd binary file and provide 136 bytes of input to bypass the main menu and access the VPN Tools menu. After entering 'quit', the program will leak 576 bytes of memory.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

9.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

7.6

impact

2.5

exploitability

9.7

remediation

0.0

relevance

0.0

threat

6.4

urgency

2.9

incentive

10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

SoftEther VPN Memory Leak Vulnerability Leading to Denial-of-Service

Vulnerability

Impact

Reproduction

Affected Products

SoftEtherVPN

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating