CVE-2014-8104 — Openvpn vulnerability

CWE-3998 documents6 sources

Severity

6.8MEDIUMNVD

EPSS

2.1%

top 15.81%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openvpn Debian Openvpn Canonical Ubuntu Linux +4 more

Timeline

PublishedDec 3

Latest updateMay 13

Description

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

CVSS vector

AV:N/AC:L/C:N/I:N/A:CExploitability: 8.0 | Impact: 6.9

Affected Packages6 packages

▶NVDopenvpn/openvpn_access_server9 versions+8

▶debiandebian/openvpn< openvpn 2.3.4-5 (bookworm)

▶Debianopenvpn/openvpn< 2.3.4-5+3

▶NVDopenvpn/openvpn78 versions+77

▶NVDmageia/mageia4.0

Also affects: Debian Linux 7.0, 8.0, Ubuntu Linux 12.04, 14.04, 14.10

🔴Vulnerability Details

GHSA

GHSA-p2qj-cw7j-f6wr: OpenVPN 2↗2022-05-13

▶

OSV

CVE-2014-8104: OpenVPN 2↗2014-12-03

▶

📋Vendor Advisories

Ubuntu

OpenVPN vulnerability↗2014-12-02

▶

Debian

CVE-2014-8104: openvpn - OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 all...↗2014

▶

💬Community

Bugzilla

CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [epel-all]↗2014-12-01

▶

Bugzilla

CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server [fedora-all]↗2014-12-01

▶

Bugzilla

CVE-2014-8104 openvpn: authenticated user can DoS OpenVPN by sending a too-short control channel packet to server↗2014-11-21

▶