CVE-2023-22308

Name of the Vulnerable Software and Affected Versions SoftEther VPN versions 5.01.9674 through 5.02

Description An integer underflow vulnerability exists in the vpnserver OvsProcessData functionality. A specially crafted network packet can lead to denial of service. An attacker can send a malicious packet to trigger this issue.

Recommendations For versions 5.01.9674 through 5.02, consider disabling the OvsProcessData functionality until a patch is available. Restrict access to the vpnserver to minimize the risk of exploitation. Avoid using the vulnerable functionality in the vpnserver until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this issue.