CVE-2023-23581: 
SoftEther VPN Server vulnerability analysis and mitigation

A denial-of-service vulnerability (CVE-2023-23581) exists in the vpnserver EnSafeHttpHeaderValueStr functionality of SoftEther VPN versions 5.01.9674 and 5.02. The vulnerability was discovered by Lilith of Cisco Talos and publicly disclosed on October 12, 2023. SoftEther VPN is a multi-platform VPN project that provides both server and client code to connect over various VPN protocols, including Wireguard, PPTP, SSTP, and L2TP (Talos Report).

The vulnerability is classified as CWE-125 (Out-of-bounds Read) and has a CVSSv3 score of 7.5 (HIGH) with vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H. The issue occurs in the EnSafeHttpHeaderValueStr function when processing HTTP headers containing '\r' or '\n' sequences. The function's implementation causes a one-byte out-of-bounds read when copying from [index + 2] with length - index, potentially accessing the null terminator and the byte immediately after (Talos Report).

When exploited, this vulnerability can lead to a denial of service condition by causing the server to crash. This is achieved through careful heap manipulation that can cause the single byte read to access the first byte of an unmapped page or non-readable page in memory (Talos Report).

The vendor released a patch on April 22, 2023, to address this vulnerability. Users should upgrade to a version newer than 5.02. The fix was implemented through a pull request on Github: https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1829 (Talos Report).