CVE-2023-22308

7.5 HIGH

📋 TL;DR

An integer underflow vulnerability in the OvsProcessData function of SoftEther VPN's vpnserver allows an unauthenticated attacker to cause a denial of service by sending specially crafted network packets. This affects SoftEther VPN servers running vulnerable versions and can disrupt VPN connectivity for all users of the affected server.

💻 Affected Systems

Products:
  • SoftEther VPN Server
Versions: 5.01.9674 and 5.02
Operating Systems: All platforms running SoftEther VPN Server
Default Config Vulnerable: ⚠️ Yes
Notes: All configurations using the vulnerable vpnserver component are affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete VPN service disruption, preventing all remote access and network connectivity through the VPN server.

🟠

Likely Case

Service crash requiring manual restart of the vpnserver process, causing temporary VPN outage.

🟢

If Mitigated

Minimal impact if patched or network controls prevent malicious packets from reaching the VPN server.

🌐 Internet-Facing: HIGH - VPN servers are typically internet-facing and directly accessible to attackers.
🏢 Internal Only: MEDIUM - Internal attackers could still exploit if they have network access to the VPN server.

🎯 Exploit Status

Public PoC: ✅ No
Weaponized: UNKNOWN
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

Exploitation requires sending a crafted network packet to the VPN server port.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 5.02.5180 or later

Vendor Advisory: https://github.com/SoftEtherVPN/SoftEtherVPN_Stable/releases

Restart Required: Yes

Instructions:

1. Download the latest version from the SoftEther VPN website.
2. Stop the vpnserver service.
3. Back up the configuration.
4. Install the updated version.
5. Restart the vpnserver service.

🔧 Temporary Workarounds

Network Access Control

Restrict access to the VPN server ports to trusted IP addresses only. Note that `-p tcp --dport` accepts a single port; a comma-separated list needs the multiport match, and the ACCEPT rule must precede the DROP rule.

iptables -A INPUT -p tcp -m multiport --dports 443,992,1194,5555 -s TRUSTED_IP -j ACCEPT
iptables -A INPUT -p tcp -m multiport --dports 443,992,1194,5555 -j DROP

Service Monitoring and Auto-restart

Configure systemd to automatically restart vpnserver if it crashes. Enabling the unit alone does not restart it after a crash; a drop-in with a Restart= policy is also needed (unit name vpnserver assumed, as used elsewhere on this page).

mkdir -p /etc/systemd/system/vpnserver.service.d
printf '[Service]\nRestart=on-failure\nRestartSec=5\n' > /etc/systemd/system/vpnserver.service.d/override.conf
systemctl daemon-reload && systemctl enable --now vpnserver

🧯 If You Can't Patch

  • Implement strict network segmentation and firewall rules to limit access to VPN server
  • Deploy intrusion detection/prevention systems to detect and block malicious packets

🔍 How to Verify

Check if Vulnerable:

Check SoftEther VPN version: vpncmd localhost /SERVER /CMD About

Check Version:

vpncmd localhost /SERVER /CMD About | grep Version

Verify Fix Applied:

Verify that the reported version is 5.02.5180 or later using the same command.
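The version check above, carried out as an added example rather than anything shipped with this page or with SoftEther VPN: it parses the output of `vpncmd localhost /SERVER /CMD About` and compares the (major, minor, build) tuple numerically against the first fixed release, 5.02.5180, so that "5.02" (no build) and "5.01.9674" are both reported as vulnerable. The exact wording of the About output is an assumption; the parser accepts both "Ver 5.02, Build 5180" and "Version 5.02.5180" styles, and the sample strings are constructed.

```python
import re
import subprocess
from typing import List, Optional, Tuple

# First fixed release named in the advisory: 5.02.5180
FIXED_VERSION: Tuple[int, int, int] = (5, 2, 5180)

# Accepts "Ver 5.02, Build 5180", "Version 5.02.5180" and a bare "Ver 5.02".
# The About output format is assumed, not taken from SoftEther documentation.
_VER_RE = re.compile(
    r"(?:Ver(?:sion)?\s*)?(\d+)\.(\d+)(?:\.(\d+)|,?\s*Build\s*(\d+))?",
    re.IGNORECASE,
)


def parse_version(about_output: str) -> Optional[Tuple[int, int, int]]:
    """Extract (major, minor, build) from vpncmd About output.

    Lines mentioning "Server" are preferred so the server version is used
    rather than the vpncmd utility's own banner. A missing build number is
    treated as 0, which is what makes a bare "5.02" sort before 5.02.5180.
    """
    lines: List[str] = about_output.splitlines()
    candidates = [ln for ln in lines if "Server" in ln] or lines
    for line in candidates:
        m = _VER_RE.search(line)
        if m:
            major, minor, build_dot, build_word = m.groups()
            build = build_dot or build_word or "0"
            return (int(major), int(minor), int(build))
    return None


def is_vulnerable(version: Tuple[int, int, int]) -> bool:
    """Tuple comparison avoids the string-comparison pitfall ("5.9" > "5.10")."""
    return version < FIXED_VERSION


def check_server(about_output: str) -> str:
    """Classify About output as 'vulnerable', 'fixed' or 'unknown'."""
    version = parse_version(about_output)
    if version is None:
        return "unknown"
    return "vulnerable" if is_vulnerable(version) else "fixed"


def query_local_server(vpncmd_path: str = "vpncmd") -> str:
    """Run the page's check command on this host and classify the result.

    Only works where vpnserver and vpncmd are installed; the tests below use
    constructed output instead.
    """
    cmd = [vpncmd_path, "localhost", "/SERVER", "/CMD", "About"]
    proc = subprocess.run(cmd, capture_output=True, text=True, timeout=30)
    return check_server(proc.stdout)


# Constructed sample outputs (not real vpncmd transcripts)
SAMPLE_VULNERABLE = "SoftEther VPN Server (64 bit) (Ver 5.01, Build 9674)"
SAMPLE_NO_BUILD = "SoftEther VPN Server (Ver 5.02)"
SAMPLE_FIXED = "SoftEther VPN Server (64 bit) (Ver 5.02, Build 5180)"

if __name__ == "__main__":
    for sample in (SAMPLE_VULNERABLE, SAMPLE_NO_BUILD, SAMPLE_FIXED):
        print(f"{sample!r}: {check_server(sample)}")
```

Run it on a host with vpnserver installed via `query_local_server()`; anything other than "fixed" should be treated as needing the upgrade, since "unknown" means the version could not be determined.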

📡 Detection & Monitoring

Log Indicators:

  • vpnserver process crashes
  • unexpected service restarts
  • abnormal packet size in logs

Network Indicators:

  • Malformed packets to VPN server ports (443, 992, 1194, 5555)
  • Sudden drop in VPN connections

SIEM Query:

source="vpnserver.log" AND ("crash" OR "segmentation fault" OR "abnormal packet")
