CVE-2023-27395
SoftEther VPN Server vulnerability analysis and mitigation

Overview

A heap-based buffer overflow vulnerability (CVE-2023-27395) exists in the vpnserver WpcParsePacket() functionality of SoftEther VPN versions 4.41-9782-beta, 5.01.9674 and 5.02. The vulnerability was discovered by Lilith of Cisco Talos and disclosed on October 12, 2023. This vulnerability could allow an attacker to execute arbitrary code through a specially crafted network packet via a man-in-the-middle attack (Talos Report).

Technical details

The vulnerability exists in the DDNS client functionality of SoftEther VPN. When processing DDNS registration packets, the WpcParsePacket() function fails to properly validate buffer sizes during base64 decoding operations. Specifically, when handling a crafted packet with "PACK00000000" followed by multiple "B" characters, the function incorrectly calculates buffer sizes, leading to a heap overflow condition. The vulnerability has a CVSS v3.1 score of 9.0 (CRITICAL) with vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H (Talos Report).
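
An added example, not SoftEther's code or its patch, of bounds-safe handling for a tagged, length-prefixed base64 entry: the allocation and the decode loop are both driven by one declared length that is first checked against the bytes actually received. The entry layout (4-byte tag plus 8 hex digits of payload length, as the "PACK00000000" prefix suggests) is an assumption, and `parse_entry` and `b64val` are hypothetical names.

```c
#include <stddef.h>
#include <stdlib.h>

#define HDR_LEN 12  /* assumed layout: 4-byte tag + 8 hex digits of payload length */

static int b64val(unsigned char c)
{
    if (c >= 'A' && c <= 'Z') return c - 'A';
    if (c >= 'a' && c <= 'z') return c - 'a' + 26;
    if (c >= '0' && c <= '9') return c - '0' + 52;
    return c == '+' ? 62 : c == '/' ? 63 : -1;
}

/* Hypothetical helper: decodes one entry from pkt[0..pkt_len) into a heap
 * buffer the caller frees. Returns the decoded byte count, or -1 if malformed. */
long parse_entry(const char *pkt, size_t pkt_len, unsigned char **out)
{
    size_t declared = 0, i, n = 0, cap;
    unsigned acc = 0;
    int bits = 0, v;
    unsigned char c, *buf;

    *out = NULL;
    if (pkt_len < HDR_LEN) return -1;
    for (i = 4; i < HDR_LEN; i++) {              /* strict hex, no sign or prefix */
        c = (unsigned char)pkt[i];
        if (c >= '0' && c <= '9') v = c - '0';
        else if (c >= 'a' && c <= 'f') v = c - 'a' + 10;
        else if (c >= 'A' && c <= 'F') v = c - 'A' + 10;
        else return -1;
        declared = declared * 16 + (size_t)v;
    }
    if (declared > pkt_len - HDR_LEN) return -1; /* claims more than was received */
    cap = declared / 4 * 3 + 3;                  /* decoded-size bound, from the same length */
    if ((buf = malloc(cap)) == NULL) return -1;
    for (i = 0; i < declared; i++) {             /* bounded by declared, never by a terminator */
        c = (unsigned char)pkt[HDR_LEN + i];
        if (c == '=') break;                     /* padding ends the payload */
        if ((v = b64val(c)) < 0 || n >= cap) { free(buf); return -1; }
        acc = (acc << 6) | (unsigned)v;
        if ((bits += 6) >= 8) { bits -= 8; buf[n++] = (unsigned char)(acc >> bits); }
    }
    *out = buf;
    return (long)n;
}
```

With a zero declared length and trailing "B" characters, this parser decodes nothing and writes nothing, because the trailing bytes are never consulted.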

Impact

Successful exploitation of this vulnerability could lead to arbitrary code execution on the targeted system. It could also cause the VPN server program to crash, disconnecting all users and making VPN communication unavailable until the process is restarted (SoftEther Advisory).

Mitigation and workarounds

The vulnerability has been patched in SoftEther VPN version 4.42 Build 9798 RTM and later releases. The patch includes changes to prevent heap overflow and modifications to the communication between the DNS client function and the DDNS server function, converting it from HTTP to SSL for additional security (SoftEther Advisory).

Community reactions

The vulnerability was discovered during a high-level code review and technical assistance provided by Cisco Systems to the SoftEther VPN project. While the risk of exploitation is considered low under normal usage and environment, the fix was deemed important due to SoftEther VPN's widespread use by 7.4 million unique users worldwide (SoftEther Advisory).

This report was generated using AI.
