What is CVE-2014-8104?

CVE-2014-8104 is a vulnerability in Mageia, classified under CWE-399. Published 2014-12-03.

Is CVE-2014-8104 known to be exploited?

1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.

Vulnerability in Mageia

CVE-2014-8104

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

EPSS: 0.020 (84.0th percentile) — read the EPSS interpretation.

Affected products

Mageia — versions 4.0
Openvpn — versions 2.0.1_rc1, 2.0.1_rc2, 2.0.1_rc3
Openvpn Openvpn_access_server — versions 2.0.0, 2.0.1, 2.0.2
Canonical Ubuntu_linux — versions 12.04, 14.04, 14.10
Debian Debian_linux — versions 7.0, 8.0
Opensuse — versions 12.3, 13.1, 13.2
N/a — versions n/a

Weakness classification (CWE)

CWE-399

Public proof-of-concept exploits

skyleronken/Find-VulnerableSoftware

References

MDVSA-2015:139 (vendor-advisory, x_refsource_MANDRIVA, Broken Link)
secalert@redhat.com (x_refsource_CONFIRM, Third Party Advisory)
USN-2430-1 (x_refsource_UBUNTU, vendor-advisory, Third Party Advisory)
DSA-3084 (vendor-advisory, Third Party Advisory, x_refsource_DEBIAN)
secalert@redhat.com (x_refsource_CONFIRM, Vendor Advisory)
openSUSE-SU-2014:1594 (vendor-advisory, Third Party Advisory, x_refsource_SUSE)

Frequently asked questions

What is CVE-2014-8104?: CVE-2014-8104 is a vulnerability in Mageia, classified under CWE-399. Published 2014-12-03.
Is CVE-2014-8104 known to be exploited?: 1 public proof-of-concept repositories are indexed. Not currently listed in the CISA KEV catalog.