cbcvebase.
CVE-2014-8104
published 2014-12-03

CVE-2014-8104: OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via…

PriorityP427medium6.8CVSS 2.0
AVNACLAuSCNINAC
EPSS
3.48%
87.6th percentile
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Affected

101 ranges· showing 25
VendorProductVersion rangeFixed in
canonicalubuntu_linux
canonicalubuntu_linux
canonicalubuntu_linux
debiandebian_linux
debiandebian_linux
debianopenvpn< openvpn 2.3.4-5 (bookworm)openvpn 2.3.4-5 (bookworm)
mageiamageia
opensuseopensuse
opensuseopensuse
opensuseopensuse
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn
openvpnopenvpn

CVSS provenance

nvdv2.06.8MEDIUMAV:N/AC:L/Au:S/C:N/I:N/A:C
osv6.8MEDIUM
vendor_debian6.8MEDIUM
Stop checking back — get the weekly exploitation signal.

Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.