CVSS 3.1 Score 7.5 of 10 (high)


Published Oct 12, 2023
Updated: Oct 18, 2023
CWE ID 191


CVE-2023-22308 is an integer underflow vulnerability that affects SoftEther VPN versions 5.01.9674 and 5.02. This vulnerability exists in the vpnserver OvsProcessData functionality and can be triggered by a specially crafted network packet, leading to denial of service. The affected products are tzul2R and tzul2S. The base severity of this vulnerability is rated as HIGH, with a base score of 7.5 according to the National Vulnerability Database (NVD). It has a CVSS vector string of "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H". No user interaction or privileges are required for exploitation, and the attack vector is through the network. The potential danger it poses to an organization is a disruption of availability, with an impact score of 3.6, and the exploitability score is 3.9 out of 10. It is recommended to remediate this vulnerability by updating to a patched version provided by SoftEther VPN.

Note: The analysis description for this vulnerability was not provided in the source text.

Explore Beyond the CVE Basics with Recorded Future's Vulnerability Intelligence

Note: This is just a basic overview providing quick insights into CVE-2023-22308 information. Gain full access to comprehensive CVE data, risk scores, prioritization, and mitigation data through Recorded Future's Vulnerability Intelligence:
  • Prioritize with Risk-Based Scoring
  • Explore the Extensive Vulnerability Database
  • Receive Early Alerts on Emerging CVEs
  • Focus on Critical Exploitable Vulnerabilities
  • Streamline Remediation with Integration Options