SoftEther VPN Buffer Overflow Vulnerability in Internat.c

Vulnerability

A stack-based buffer overflow vulnerability has been identified in SoftEther VPN version 5.02.5187. The issue arises in the Internat.c file, specifically within the UniToStrForSingleChars function. The vulnerability allows an attacker to overflow a local variable and gain control of the instruction pointer. Exploitation requires using the vpncmd binary and providing an input of 137 bytes.

Impact

Exploitation of this vulnerability leads to a stack-based buffer overflow, allowing for arbitrary code execution or control over the execution flow.

Reproduction

To reproduce this vulnerability, use the vpncmd binary file and input a string of 137 bytes. The input will overflow a buffer in the UniToInt function, specifically in the Internat.c file, at an offset of 160 bytes.
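One way to write a wide-to-single-byte copy so that over-long input cannot overrun a fixed local buffer, as an added example that is not SoftEther's source code or its fix. The names narrow_bounded and wide_to_uint and both buffer sizes are hypothetical, and the 137-character input is constructed to match the length given above.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper (not SoftEther code): narrow src into dst, writing at
 * most dst_size bytes including the terminator.
 * Returns 0 = copied whole, 1 = truncated, -1 = bad arguments. */
int narrow_bounded(char *dst, size_t dst_size, const wchar_t *src)
{
    size_t i;
    if (dst == NULL || dst_size == 0 || src == NULL)
        return -1;
    for (i = 0; i + 1 < dst_size && src[i] != L'\0'; i++)
        /* Map non-ASCII to '?' rather than keeping only the low byte. */
        dst[i] = (src[i] > 0 && src[i] < 0x80) ? (char)src[i] : '?';
    dst[i] = '\0';
    return src[i] == L'\0' ? 0 : 1;
}

/* Hypothetical caller with a fixed local buffer: over-long or non-numeric
 * input is rejected instead of being parsed as a prefix. */
int wide_to_uint(const wchar_t *str, unsigned long *out)
{
    char tmp[32]; /* constructed size for this example */
    char *end;
    if (out == NULL || narrow_bounded(tmp, sizeof(tmp), str) != 0)
        return -1;
    *out = strtoul(tmp, &end, 10);
    return (end != tmp && *end == '\0') ? 0 : -1;
}

int main(void)
{
    wchar_t in[138];   /* constructed input: 137 'A' characters */
    char out[128];     /* constructed destination size */
    unsigned long v = 0;
    size_t i; int rc;
    for (i = 0; i < 137; i++) in[i] = L'A';
    in[137] = L'\0';
    rc = narrow_bounded(out, sizeof(out), in);
    printf("long input: rc=%d, copied %zu bytes\n", rc, strlen(out));
    rc = wide_to_uint(L"443", &v);
    printf("\"443\": rc=%d, value=%lu\n", rc, v);
    return 0;
}
```

The caller treats truncation as an error, so a numeric prefix of an over-long argument is never accepted as a valid value.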

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 7.6
impact: 10.0
exploitability: 9.7
remediation: 0.0
relevance: 0.0
threat: 6.4
urgency: 2.9
incentive: 10.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.