VIR Vulnerability Intelligence Relay

CVE-2014-8104

medium
Published 2014-12-03 ยท Modified 2026-05-06
๐Ÿ’ฌ Discuss on Community โœš Propose mitigation
CVSS v3
โ€”
CVSS v4 NEW
โ€”
not yet in upstream
VIR risk
6.8

Description

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Predictions

Exploit likelihood
20%
Patch ETA
โ€”

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

No mitigations published for this CVE yet.

The vendor-content worker queues fetches as references arrive (check back in a few minutes). Or โ€” if you've already worked around this in production โ€” publish your fix to the community-verified tier.

โœš Propose a mitigation on Community โ†’ Mitigations published via the community go through AI scoring + 2 human reviewers + 7-day silent objection window before landing here with source_tier=community-verified.

OS impact
suse SUSE Affected 3 releases
VersionStatusFixed in
13.2 Affected โ€”
13.1 Affected โ€”
12.3 Affected โ€”
ubuntu Ubuntu Affected 3 releases
VersionStatusFixed in
14.10 Affected โ€”
14.04 Affected โ€”
12.04 Affected โ€”
debian Debian Mixed 7 releases
VersionStatusFixed in
trixie Fixed 2.3.4-5
sid Fixed 2.3.4-5
forky Fixed 2.3.4-5
bullseye Fixed 2.3.4-5
bookworm Fixed 2.3.4-5
8.0 Affected โ€”
7.0 Affected โ€”

Application impact
VendorProductVersionsFixed
openvpnopenvpn2.0.1_rc1
openvpnopenvpn2.0.1_rc2
openvpnopenvpn2.0.1_rc3
openvpnopenvpn2.0.1_rc4
openvpnopenvpn2.0.1_rc5
openvpnopenvpn2.0.1_rc6
openvpnopenvpn2.0.1_rc7
openvpnopenvpn2.0.2_rc1
openvpnopenvpn2.0.3_rc1
openvpnopenvpn2.0.4
openvpnopenvpn2.0.6_rc1
openvpnopenvpn2.0.9
openvpnopenvpn2.0_rc1
openvpnopenvpn2.0_rc2
openvpnopenvpn2.0_rc3
openvpnopenvpn2.0_rc4
openvpnopenvpn2.0_rc5
openvpnopenvpn2.0_rc6
openvpnopenvpn2.0_rc7
openvpnopenvpn2.0_rc8
openvpnopenvpn2.0_rc9
openvpnopenvpn2.0_rc10
openvpnopenvpn2.0_rc11
openvpnopenvpn2.0_rc12
openvpnopenvpn2.0_rc13
openvpnopenvpn2.0_rc14
openvpnopenvpn2.0_rc15
openvpnopenvpn2.0_rc16
openvpnopenvpn2.0_rc17
openvpnopenvpn2.0_rc18
openvpnopenvpn2.0_rc19
openvpnopenvpn2.0_rc20
openvpnopenvpn2.0_rc21
openvpnopenvpn2.0_test1
openvpnopenvpn2.0_test2
openvpnopenvpn2.0_test3
openvpnopenvpn2.0_test4
openvpnopenvpn2.0_test5
openvpnopenvpn2.0_test6
openvpnopenvpn2.0_test7
openvpnopenvpn2.0_test8
openvpnopenvpn2.0_test9
openvpnopenvpn2.0_test10
openvpnopenvpn2.0_test11
openvpnopenvpn2.0_test12
openvpnopenvpn2.0_test14
openvpnopenvpn2.0_test15
openvpnopenvpn2.0_test16
openvpnopenvpn2.0_test17
openvpnopenvpn2.0_test18
openvpnopenvpn2.0_test19
openvpnopenvpn2.0_test20
openvpnopenvpn2.0_test21
openvpnopenvpn2.0_test22
openvpnopenvpn2.0_test23
openvpnopenvpn2.0_test24
openvpnopenvpn2.0_test25
openvpnopenvpn2.0_test26
openvpnopenvpn2.0_test27
openvpnopenvpn2.0_test28
openvpnopenvpn2.0_test29
openvpnopenvpn2.1
openvpnopenvpn2.1.0
openvpnopenvpn2.1.1
openvpnopenvpn2.1.2
openvpnopenvpn2.1.3
openvpnopenvpn2.1.4
openvpnopenvpn2.2
openvpnopenvpn2.2.0
openvpnopenvpn2.2.1
openvpnopenvpn2.2.2
openvpnopenvpn2.3
openvpnopenvpn2.3.0
openvpnopenvpn2.3.1
openvpnopenvpn2.3.2
openvpnopenvpn2.3.3
openvpnopenvpn2.3.4
openvpnopenvpn2.3.5
openvpnopenvpn_access_server2.0.0
openvpnopenvpn_access_server2.0.1
openvpnopenvpn_access_server2.0.2
openvpnopenvpn_access_server2.0.3
openvpnopenvpn_access_server2.0.5
openvpnopenvpn_access_server2.0.6
openvpnopenvpn_access_server2.0.7
openvpnopenvpn_access_server2.0.8
openvpnopenvpn_access_server2.0.10

References

CWEs

CWE-399

Community-verified mitigations for this CVE will appear above when contributors publish them.

Verify integrity in audit chain (admin only). AS-IS.