CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
6.8 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:S/C:N/I:N/A:C
redhatCNA
---
---
CVEADP
---
---
Base Score
CVSS 3.x
EPSS Score
Percentile: 79%
VendorProductVersion
mageiamageia
4.0
debiandebian_linux
7.0
debiandebian_linux
8.0
opensuseopensuse
12.3
opensuseopensuse
13.1
opensuseopensuse
13.2
openvpnopenvpn
2.0.1_rc1:_rc1
openvpnopenvpn
2.0.1_rc2:_rc2
openvpnopenvpn
2.0.1_rc3:_rc3
openvpnopenvpn
2.0.1_rc4:_rc4
openvpnopenvpn
2.0.1_rc5:_rc5
openvpnopenvpn
2.0.1_rc6:_rc6
openvpnopenvpn
2.0.1_rc7:_rc7
openvpnopenvpn
2.0.2_rc1:_rc1
openvpnopenvpn
2.0.3_rc1:_rc1
openvpnopenvpn
2.0.4
openvpnopenvpn
2.0.6_rc1:_rc1
openvpnopenvpn
2.0.9
openvpnopenvpn
2.0_rc1:_rc1
openvpnopenvpn
2.0_rc2:_rc2
openvpnopenvpn
2.0_rc3:_rc3
openvpnopenvpn
2.0_rc4:_rc4
openvpnopenvpn
2.0_rc5:_rc5
openvpnopenvpn
2.0_rc6:_rc6
openvpnopenvpn
2.0_rc7:_rc7
openvpnopenvpn
2.0_rc8:_rc8
openvpnopenvpn
2.0_rc9:_rc9
openvpnopenvpn
2.0_rc10:_rc10
openvpnopenvpn
2.0_rc11:_rc11
openvpnopenvpn
2.0_rc12:_rc12
openvpnopenvpn
2.0_rc13:_rc13
openvpnopenvpn
2.0_rc14:_rc14
openvpnopenvpn
2.0_rc15:_rc15
openvpnopenvpn
2.0_rc16:_rc16
openvpnopenvpn
2.0_rc17:_rc17
openvpnopenvpn
2.0_rc18:_rc18
openvpnopenvpn
2.0_rc19:_rc19
openvpnopenvpn
2.0_rc20:_rc20
openvpnopenvpn
2.0_rc21:_rc21
openvpnopenvpn
2.0_test1:_test1
openvpnopenvpn
2.0_test2:_test2
openvpnopenvpn
2.0_test3:_test3
openvpnopenvpn
2.0_test4:_test4
openvpnopenvpn
2.0_test5:_test5
openvpnopenvpn
2.0_test6:_test6
openvpnopenvpn
2.0_test7:_test7
openvpnopenvpn
2.0_test8:_test8
openvpnopenvpn
2.0_test9:_test9
openvpnopenvpn
2.0_test10:_test10
openvpnopenvpn
2.0_test11:_test11
openvpnopenvpn
2.0_test12:_test12
openvpnopenvpn
2.0_test14:_test14
openvpnopenvpn
2.0_test15:_test15
openvpnopenvpn
2.0_test16:_test16
openvpnopenvpn
2.0_test17:_test17
openvpnopenvpn
2.0_test18:_test18
openvpnopenvpn
2.0_test19:_test19
openvpnopenvpn
2.0_test20:_test20
openvpnopenvpn
2.0_test21:_test21
openvpnopenvpn
2.0_test22:_test22
openvpnopenvpn
2.0_test23:_test23
openvpnopenvpn
2.0_test24:_test24
openvpnopenvpn
2.0_test25:_test25
openvpnopenvpn
2.0_test26:_test26
openvpnopenvpn
2.0_test27:_test27
openvpnopenvpn
2.0_test28:_test28
openvpnopenvpn
2.0_test29:_test29
openvpnopenvpn
2.1:beta-1
openvpnopenvpn
2.1:beta-10
openvpnopenvpn
2.1:beta-11
openvpnopenvpn
2.1:beta-12
openvpnopenvpn
2.1:beta-13
openvpnopenvpn
2.1:beta-14
openvpnopenvpn
2.1:beta-15
openvpnopenvpn
2.1:beta-16
openvpnopenvpn
2.1:beta-2
openvpnopenvpn
2.1:beta-3
openvpnopenvpn
2.1:beta-4
openvpnopenvpn
2.1:beta-5
openvpnopenvpn
2.1:beta-6
openvpnopenvpn
2.1:beta-7
openvpnopenvpn
2.1:beta-8
openvpnopenvpn
2.1:beta-9
openvpnopenvpn
2.1:rc_1
openvpnopenvpn
2.1:rc_10
openvpnopenvpn
2.1:rc_11
openvpnopenvpn
2.1:rc_12
openvpnopenvpn
2.1:rc_13
openvpnopenvpn
2.1:rc_14
openvpnopenvpn
2.1:rc_15
openvpnopenvpn
2.1:rc_16
openvpnopenvpn
2.1:rc_17
openvpnopenvpn
2.1:rc_18
openvpnopenvpn
2.1:rc_19
openvpnopenvpn
2.1:rc_2
openvpnopenvpn
2.1:rc_20
openvpnopenvpn
2.1:rc_21
openvpnopenvpn
2.1:rc_22
openvpnopenvpn
2.1:rc_3
openvpnopenvpn
2.1:rc_4
openvpnopenvpn
2.1:rc_5
openvpnopenvpn
2.1:rc_6
openvpnopenvpn
2.1:rc_7
openvpnopenvpn
2.1:rc_8
openvpnopenvpn
2.1:rc_9
openvpnopenvpn
2.1.0
openvpnopenvpn
2.1.1
openvpnopenvpn
2.1.2
openvpnopenvpn
2.1.3
openvpnopenvpn
2.1.4
openvpnopenvpn
2.2:beta1
openvpnopenvpn
2.2:beta2
openvpnopenvpn
2.2:beta3
openvpnopenvpn
2.2:beta4
openvpnopenvpn
2.2:beta5
openvpnopenvpn
2.2.0
openvpnopenvpn
2.2.1
openvpnopenvpn
2.2.2
openvpnopenvpn
2.3:alpha1
openvpnopenvpn
2.3:alpha2
openvpnopenvpn
2.3:alpha3
openvpnopenvpn
2.3:beta1
openvpnopenvpn
2.3:rc1
openvpnopenvpn
2.3:rc2
openvpnopenvpn
2.3.0
openvpnopenvpn
2.3.1
openvpnopenvpn
2.3.2
openvpnopenvpn
2.3.3
openvpnopenvpn
2.3.4
openvpnopenvpn
2.3.5
openvpnopenvpn_access_server
2.0.0
openvpnopenvpn_access_server
2.0.1
openvpnopenvpn_access_server
2.0.2
openvpnopenvpn_access_server
2.0.3
openvpnopenvpn_access_server
2.0.5
openvpnopenvpn_access_server
2.0.6
openvpnopenvpn_access_server
2.0.7
openvpnopenvpn_access_server
2.0.8
openvpnopenvpn_access_server
2.0.10
canonicalubuntu_linux
12.04
canonicalubuntu_linux
14.04
canonicalubuntu_linux
14.10
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openvpn
bullseye
2.5.1-3
fixed
bookworm
2.6.3-1+deb12u2
fixed
bookworm (security)
2.6.3-1+deb12u2
fixed
sid
2.6.12-1
fixed
trixie
2.6.12-1
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openvpn
utopic
Fixed 2.3.2-9ubuntu1.1
released
trusty
Fixed 2.3.2-7ubuntu3.1
released
precise
Fixed 2.2.1-8ubuntu1.4
released
lucid
ignored
Common Weakness Enumeration
References
http://advisories.mageia.org/MGASA-2014-0512.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
http://www.debian.org/security/2014/dsa-3084
http://www.mandriva.com/security/advisories?name=MDVSA-2015:139
http://www.ubuntu.com/usn/USN-2430-1
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b
http://advisories.mageia.org/MGASA-2014-0512.html
http://lists.opensuse.org/opensuse-security-announce/2014-12/msg00008.html
http://www.debian.org/security/2014/dsa-3084
http://www.mandriva.com/security/advisories?name=MDVSA-2015:139
http://www.ubuntu.com/usn/USN-2430-1
https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b