CVE-2023-22325: 
SoftEther VPN Server vulnerability analysis and mitigation

A denial of service vulnerability exists in the DCRegister DDNS_RPC_MAX_RECV_SIZE functionality of SoftEther VPN versions 4.41-9782-beta, 5.01.9674 and 5.02. The vulnerability was discovered by Lilith of Cisco Talos and publicly disclosed on October 12, 2023. This vulnerability allows an attacker to perform a man-in-the-middle attack that can lead to denial of service by sending specially crafted network packets (Talos Report, SoftEther Advisory).

The vulnerability exists in the DDNS client functionality of SoftEther VPN. It involves an integer overflow condition in the buffer size calculation when processing DDNS responses. The vulnerability has a CVSS v3.1 score of 5.9 (Medium) with vector AV:N/AC:H/PR:N/UI:N/S:U/C:N/I:N/A:H. It is classified as CWE-835 (Loop with Unreachable Exit Condition - 'Infinite Loop'). The issue occurs when processing responses with content length greater than 0x80000000, leading to an infinite loop in the buffer size adjustment function (Talos Report).

When successfully exploited, this vulnerability results in a denial of service condition affecting the DDNS client thread of the VPN server. While this only denies service to a single thread, it makes the server inaccessible through NAT or firewalls, effectively denying one of the major use-cases of this product (Talos Report).

The vendor has released a patch to address this vulnerability in version 4.42 Build 9798 RTM and later. Users are advised to upgrade to the latest version. The patch includes changes to the communication between the DNS client function and the DDNS server function, converting it from HTTP to SSL for additional security (SoftEther Advisory).

The vulnerability was discovered during a high-level code review and technical assistance provided by Cisco Systems to the SoftEther VPN project. While the risk of exploitation is considered low under normal usage and environment, the fix was deemed important due to SoftEther VPN's widespread use by 7.4 million unique users worldwide (SoftEther Advisory).