
Summary

SoftEtherVPN 5.02.5187 is vulnerable to denial of service via the UnixMemoryAlloc function.

To trigger this vulnerability, an attacker must run the vpncmd binary and supply 136 bytes of input, which bypasses the main menu and brings up the VPN Tools menu. After quit is entered, the program causes a direct leak of 576 bytes.

Details

The memory leak exists at line 2177 of the UnixMemoryAlloc function within SoftEtherVPN/src/Mayaqua/Unix.c. The function allocated 576 bytes, but there was no corresponding de-allocation for these bytes.

void *UnixMemoryAlloc(UINT size)
{
	void *r;
	pthread_mutex_lock(&malloc_lock);
	r = malloc(size);
	pthread_mutex_unlock(&malloc_lock);
	return r;
}
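One way to catch a missing de-allocation like this in a test build is a lock-protected allocator that records how many bytes are still outstanding. This is an added example, not SoftEther's code: tracked_alloc, tracked_free, outstanding_bytes and run_session are hypothetical names, and run_session is a constructed stand-in for a session that ends on quit.

```c
#include <pthread.h>
#include <stddef.h>
#include <stdio.h>
#include <stdlib.h>

/* Header stored in front of each block; the union keeps user data aligned. */
typedef union { size_t size; max_align_t align; } hdr_t;
static pthread_mutex_t track_lock = PTHREAD_MUTEX_INITIALIZER;
static size_t outstanding; /* bytes handed out and not yet released */

/* Hypothetical wrapper: lock + malloc as in UnixMemoryAlloc, plus bookkeeping. */
void *tracked_alloc(size_t size) {
    if (size > (size_t)-1 - sizeof(hdr_t)) return NULL; /* avoid size overflow */
    pthread_mutex_lock(&track_lock);
    hdr_t *h = malloc(sizeof(hdr_t) + size);
    if (h != NULL) { h->size = size; outstanding += size; }
    pthread_mutex_unlock(&track_lock);
    return h != NULL ? (void *)(h + 1) : NULL;
}

/* Hypothetical counterpart: subtract the recorded size, then free the block. */
void tracked_free(void *p) {
    if (p == NULL) return;
    hdr_t *h = (hdr_t *)p - 1;
    pthread_mutex_lock(&track_lock);
    outstanding -= h->size;
    pthread_mutex_unlock(&track_lock);
    free(h);
}

/* Bytes allocated through the wrapper that were never released. */
size_t outstanding_bytes(void) {
    pthread_mutex_lock(&track_lock);
    size_t n = outstanding;
    pthread_mutex_unlock(&track_lock);
    return n;
}

/* Constructed stand-in for a session that ends on "quit"; not SoftEther code. */
size_t run_session(int release_on_quit) {
    void *state = tracked_alloc(576); /* allocation size reported on the page */
    if (state != NULL && release_on_quit) tracked_free(state);
    return outstanding_bytes();
}

int main(void) {
    printf("freed on quit: %zu bytes outstanding\n", run_session(1));
    printf("not freed:     %zu bytes outstanding\n", run_session(0));
}
```

A test that asserts outstanding_bytes() is zero after the exit path fails as soon as an allocation loses its matching free.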
