A security audit of the widely used SoftEther VPN open source VPN
client and server software  has uncovered 11 remote security
vulnerabilities. The audit has been commissioned by the Max Planck
Institute for Molecular Genetics  and performed by Guido Vranken
. The issues found range from denial-of-service resulting from
memory leaks to memory corruption.
The 80 hour security audit has relied extensively on the use of
fuzzers , an approach that has proven its worth earlier with the
discovery of several remote vulnerabilities in OpenVPN in June of 2017
. The modifications made to the SoftEther VPN source code to make
it suitable for fuzzing and original code written for this project are
open source . The work will be made available to Google’s OSS-Fuzz
initiative  for continued protection of SoftEther VPN against
security vulnerabilities. An updated version of SoftEther VPN that
resolves all discovered security vulnerabilities is available for
download immediately .