SoftEther VPN 5.02.5187 is vulnerable to Buffer Overflow in the Command.c file via the PtMakeCert and PtMakeCert2048 functions. NOTE: the Supplier disputes this because the behavior only allows a user to attack himself by typing a long string on a command line.
The vulnerability stems from a lack of proper validation of input data length (CWE-120 – classic buffer overflow without boundary checking) in the PtMakeCert and PtMakeCert2048 functions in the Command.c file. Passing an excessively long string as an argument causes a buffer overflow in memory. According to the vendor, the attack scenario is limited to a local command line handled by the user themselves, which significantly limits the actual exploitation vector.
If the vulnerability were successfully exploited, an attacker could potentially gain full control over the confidentiality, integrity, and availability of the system (CVSS score: C:H/I:H/A:H). However, the vendor reserves that in practice, a user can only harm their own session by intentionally entering malicious input.
Apply patches available from the vendor according to the references. Due to the vendor's questioning of the vulnerability, it is recommended to monitor official SoftEther VPN communications and apply the principle of least privilege when accessing the VPN command-line interface.
SoftEther VPN version 5.02.5187
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:HSoftether Vpn
APPSoftether5.02.5187
Related vulnerabilities
Buffer overflow w SoftEther VPN – funkcja UniToStrForSingleChars
Use-after-free w SoftEther VPN 5.02.5187 – Command.c (CheckNetworkAcceptThread)
A heap-based buffer overflow vulnerability exists in the vpnserver WpcParsePacket() functionality of SoftEther...
A denial-of-service vulnerability exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther ...
A denial-of-service vulnerability exists in the vpnserver ConnectionAccept() functionality of SoftEther VPN 5....