CVE-2014-8104
UnknownEPSS 3.48%
Last modified
CVE-2014-8104 is a vulnerability of currently unknown severity. OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.. EPSS estimates a 3.48% chance of exploitation in the next 30 days.
Description
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
Metrics
Weakness Enumeration
Affected Software
| Vendor | Product | Versions | Update |
|---|---|---|---|
| Mageia | Mageia | 4.0 | — |
| Debian | Debian Linux | 7.0 | — |
| Debian | Debian Linux | 8.0 | — |
| Opensuse | Opensuse | 12.3 | — |
| Opensuse | Opensuse | 13.1 | — |
| Opensuse | Opensuse | 13.2 | — |
| Openvpn | Openvpn | 2.0.1_rc1 | — |
| Openvpn | Openvpn | 2.0.1_rc2 | — |
| Openvpn | Openvpn | 2.0.1_rc3 | — |
| Openvpn | Openvpn | 2.0.1_rc4 | — |
| Openvpn | Openvpn | 2.0.1_rc5 | — |
| Openvpn | Openvpn | 2.0.1_rc6 | — |
| Openvpn | Openvpn | 2.0.1_rc7 | — |
| Openvpn | Openvpn | 2.0.2_rc1 | — |
| Openvpn | Openvpn | 2.0.3_rc1 | — |
| Openvpn | Openvpn | 2.0.4 | — |
| Openvpn | Openvpn | 2.0.6_rc1 | — |
| Openvpn | Openvpn | 2.0.9 | — |
| Openvpn | Openvpn | 2.0_rc1 | — |
| Openvpn | Openvpn | 2.0_rc2 | — |
| Openvpn | Openvpn | 2.0_rc3 | — |
| Openvpn | Openvpn | 2.0_rc4 | — |
| Openvpn | Openvpn | 2.0_rc5 | — |
| Openvpn | Openvpn | 2.0_rc6 | — |
| Openvpn | Openvpn | 2.0_rc7 | — |
| Openvpn | Openvpn | 2.0_rc8 | — |
| Openvpn | Openvpn | 2.0_rc9 | — |
| Openvpn | Openvpn | 2.0_rc10 | — |
| Openvpn | Openvpn | 2.0_rc11 | — |
| Openvpn | Openvpn | 2.0_rc12 | — |
| Openvpn | Openvpn | 2.0_rc13 | — |
| Openvpn | Openvpn | 2.0_rc14 | — |
| Openvpn | Openvpn | 2.0_rc15 | — |
| Openvpn | Openvpn | 2.0_rc16 | — |
| Openvpn | Openvpn | 2.0_rc17 | — |
| Openvpn | Openvpn | 2.0_rc18 | — |
| Openvpn | Openvpn | 2.0_rc19 | — |
| Openvpn | Openvpn | 2.0_rc20 | — |
| Openvpn | Openvpn | 2.0_rc21 | — |
| Openvpn | Openvpn | 2.0_test1 | — |
| Openvpn | Openvpn | 2.0_test2 | — |
| Openvpn | Openvpn | 2.0_test3 | — |
| Openvpn | Openvpn | 2.0_test4 | — |
| Openvpn | Openvpn | 2.0_test5 | — |
| Openvpn | Openvpn | 2.0_test6 | — |
| Openvpn | Openvpn | 2.0_test7 | — |
| Openvpn | Openvpn | 2.0_test8 | — |
| Openvpn | Openvpn | 2.0_test9 | — |
| Openvpn | Openvpn | 2.0_test10 | — |
| Openvpn | Openvpn | 2.0_test11 | — |
Showing 50 of 96 affected configurations. See NVD for the full list.
References
- http://advisories.mageia.org/MGASA-2014-0512.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.htmlThird Party Advisory
- http://www.debian.org/security/2014/dsa-3084Third Party Advisory
- http://www.ubuntu.com/usn/USN-2430-1Third Party Advisory
- http://advisories.mageia.org/MGASA-2014-0512.htmlThird Party Advisory
- http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.htmlThird Party Advisory
- http://www.debian.org/security/2014/dsa-3084Third Party Advisory
- http://www.ubuntu.com/usn/USN-2430-1Third Party Advisory
Timeline
- Published
- Last Modified
- Status
- Modified
Frequently Asked Questions
What is CVE-2014-8104?
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
How severe is CVE-2014-8104?
Severity scoring for CVE-2014-8104 is pending analysis. The EPSS model estimates a 3.48% probability of exploitation in the next 30 days.
How do I fix CVE-2014-8104?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.
Are you affected by CVE-2014-8104?
Run a free Strix scan to check your systems for this vulnerability.
Scan your code nowSource: NVD / NIST