Refine your search
3 vulnerabilities found for SoftEtherVPN by SoftEtherVPN
CVE-2026-39312 (GCVE-0-2026-39312)
Vulnerability from cvelistv5
Published
2026-04-07 16:52
Modified
2026-04-07 17:27
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-789 - Memory Allocation with Excessive Size Value
Summary
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). An unauthenticated remote attacker can crash the vpnserver process by sending a single malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SoftEtherVPN | SoftEtherVPN |
Version: <= 5.2.5188 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-39312",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-07T17:27:13.530375Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T17:27:16.498Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SoftEtherVPN",
"vendor": "SoftEtherVPN",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.2.5188"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. In 5.2.5188 and earlier, a pre-authentication denial-of-service vulnerability exists in SoftEther VPN Developer Edition 5.2.5188 (and likely earlier versions of Developer Edition). An unauthenticated remote attacker can crash the vpnserver process by sending a single malformed EAP-TLS packet over raw L2TP (UDP/1701), terminating all active VPN sessions."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-789",
"description": "CWE-789: Memory Allocation with Excessive Size Value",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-04-07T16:52:08.172Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-q5g3-qhc6-pr3h"
}
],
"source": {
"advisory": "GHSA-q5g3-qhc6-pr3h",
"discovery": "UNKNOWN"
},
"title": "Pre-Auth EAP-TLS DoS on SoftEther VPN Developer Edition"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2026-39312",
"datePublished": "2026-04-07T16:52:08.172Z",
"dateReserved": "2026-04-06T19:31:07.265Z",
"dateUpdated": "2026-04-07T17:27:16.498Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-32787 (GCVE-0-2025-32787)
Vulnerability from cvelistv5
Published
2025-04-16 21:41
Modified
2025-04-17 13:15
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-476 - NULL Pointer Dereference
Summary
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time.
References
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SoftEtherVPN | SoftEtherVPN |
Version: >= 5.02.5184, <= 5.02.5187 |
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-32787",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2025-04-17T13:15:14.404650Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2025-04-17T13:15:18.899Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"references": [
{
"tags": [
"exploit"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6"
}
],
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"product": "SoftEtherVPN",
"vendor": "SoftEtherVPN",
"versions": [
{
"status": "affected",
"version": "\u003e= 5.02.5184, \u003c= 5.02.5187"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. Versions 5.02.5184 to 5.02.5187 are vulnerable to NULL dereference in `DeleteIPv6DefaultRouterInRA` called by `StorePacket`. Before dereferencing, `DeleteIPv6DefaultRouterInRA` does not account for `ParsePacket` returning NULL, resulting in the program crashing. A patched version does not exist at this time."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 3.1,
"baseSeverity": "LOW",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-476",
"description": "CWE-476: NULL Pointer Dereference",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2025-04-16T21:41:15.966Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-xw53-587j-mqh6"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/blob/7006539732c0231d7723623cc8732f94ba2b8c54/src/Cedar/Hub.c#L5112C1-L5116C29"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/blob/master/src/Mayaqua/TcpIp.c#L1633"
}
],
"source": {
"advisory": "GHSA-xw53-587j-mqh6",
"discovery": "UNKNOWN"
},
"title": "SoftEtherVPN Affected by NULL dereference in DeleteIPv6DefaultRouterInRA"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2025-32787",
"datePublished": "2025-04-16T21:41:15.966Z",
"dateReserved": "2025-04-10T12:51:12.280Z",
"dateUpdated": "2025-04-17T13:15:18.899Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2024-38520 (GCVE-0-2024-38520)
Vulnerability from cvelistv5
Published
2024-06-26 18:59
Modified
2024-08-02 04:12
Severity ?
VLAI Severity ?
EPSS score ?
CWE
- CWE-400 - Uncontrolled Resource Consumption
Summary
SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.
References
| URL | Tags | |
|---|---|---|
Impacted products
| Vendor | Product | Version | ||
|---|---|---|---|---|
| SoftEtherVPN | SoftEtherVPN |
Version: <= 5.02.5183 |
{
"containers": {
"adp": [
{
"affected": [
{
"cpes": [
"cpe:2.3:a:softether:vpn:5.02:*:*:*:*:*:*:*"
],
"defaultStatus": "unknown",
"product": "vpn",
"vendor": "softether",
"versions": [
{
"status": "affected",
"version": "5.02.5185"
}
]
}
],
"metrics": [
{
"other": {
"content": {
"id": "CVE-2024-38520",
"options": [
{
"Exploitation": "poc"
},
{
"Automatable": "no"
},
{
"Technical Impact": "partial"
}
],
"role": "CISA Coordinator",
"timestamp": "2024-06-26T20:51:29.981598Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2024-06-26T20:53:01.101Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
},
{
"providerMetadata": {
"dateUpdated": "2024-08-02T04:12:25.267Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq",
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185",
"tags": [
"x_refsource_MISC",
"x_transferred"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "SoftEtherVPN",
"vendor": "SoftEtherVPN",
"versions": [
{
"status": "affected",
"version": "\u003c= 5.02.5183"
}
]
}
],
"descriptions": [
{
"lang": "en",
"value": "SoftEtherVPN is a an open-source cross-platform multi-protocol VPN Program. When SoftEtherVPN is deployed with L2TP enabled on a device, it introduces the possibility of the host being used for amplification/reflection traffic generation because it will respond to every packet with two response packets that are larger than the request packet size. These sorts of techniques are used by external actors who generate spoofed source IPs to target a destination on the internet. This vulnerability has been patched in version 5.02.5185.\n"
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "LOW",
"baseScore": 5.3,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "NONE",
"integrityImpact": "NONE",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:L",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-400",
"description": "CWE-400: Uncontrolled Resource Consumption",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2024-07-02T15:16:05.881Z",
"orgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"shortName": "GitHub_M"
},
"references": [
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq",
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/security/advisories/GHSA-j35p-p8pj-vqxq"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/commit/c2a7aa548137dc80c6aafdc645cf4dc34e0dc764"
},
{
"name": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185",
"tags": [
"x_refsource_MISC"
],
"url": "https://github.com/SoftEtherVPN/SoftEtherVPN/releases/tag/5.02.5185"
}
],
"source": {
"advisory": "GHSA-j35p-p8pj-vqxq",
"discovery": "UNKNOWN"
},
"title": "SoftEther VPN with L2TP - 2.75x Amplification"
}
},
"cveMetadata": {
"assignerOrgId": "a0819718-46f1-4df5-94e2-005712e83aaa",
"assignerShortName": "GitHub_M",
"cveId": "CVE-2024-38520",
"datePublished": "2024-06-26T18:59:25.088Z",
"dateReserved": "2024-06-18T16:37:02.728Z",
"dateUpdated": "2024-08-02T04:12:25.267Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}