VIR Vulnerability Intelligence Relay

CVE-2014-8104

medium
Published 2014-12-03 · Modified 2026-05-06
CVSS v3
CVSS v2
6.8
VIR risk
6.8

Description

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Predictions

Exploit likelihood
20%
Patch ETA

Heuristic predictions, AS-IS, for prioritization only.

Mitigations

vendor Authored 2026-05-27

Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2014-8104

vendor Authored 2026-05-27

Vendor advisory: secalert@redhat.com — https://community.openvpn.net/openvpn/wiki/SecurityAnnouncement-97597e732b

OS impact
OSVersionStatusFixed in
suse suse12.3affected
suse suse13.1affected
suse suse13.2affected
debian debian7.0affected
debian debian8.0affected
ubuntu ubuntu12.04affected
ubuntu ubuntu14.04affected
ubuntu ubuntu14.10affected
debian debianbookwormfixed2.3.4-5
debian debianbullseyefixed2.3.4-5
debian debianforkyfixed2.3.4-5
debian debiansidfixed2.3.4-5
debian debiantrixiefixed2.3.4-5

Application impact
VendorProductVersionsFixed
openvpnopenvpn2.0.1_rc1
openvpnopenvpn2.0.1_rc2
openvpnopenvpn2.0.1_rc3
openvpnopenvpn2.0.1_rc4
openvpnopenvpn2.0.1_rc5
openvpnopenvpn2.0.1_rc6
openvpnopenvpn2.0.1_rc7
openvpnopenvpn2.0.2_rc1
openvpnopenvpn2.0.3_rc1
openvpnopenvpn2.0.4
openvpnopenvpn2.0.6_rc1
openvpnopenvpn2.0.9
openvpnopenvpn2.0_rc1
openvpnopenvpn2.0_rc2
openvpnopenvpn2.0_rc3
openvpnopenvpn2.0_rc4
openvpnopenvpn2.0_rc5
openvpnopenvpn2.0_rc6
openvpnopenvpn2.0_rc7
openvpnopenvpn2.0_rc8
openvpnopenvpn2.0_rc9
openvpnopenvpn2.0_rc10
openvpnopenvpn2.0_rc11
openvpnopenvpn2.0_rc12
openvpnopenvpn2.0_rc13
openvpnopenvpn2.0_rc14
openvpnopenvpn2.0_rc15
openvpnopenvpn2.0_rc16
openvpnopenvpn2.0_rc17
openvpnopenvpn2.0_rc18
openvpnopenvpn2.0_rc19
openvpnopenvpn2.0_rc20
openvpnopenvpn2.0_rc21
openvpnopenvpn2.0_test1
openvpnopenvpn2.0_test2
openvpnopenvpn2.0_test3
openvpnopenvpn2.0_test4
openvpnopenvpn2.0_test5
openvpnopenvpn2.0_test6
openvpnopenvpn2.0_test7
openvpnopenvpn2.0_test8
openvpnopenvpn2.0_test9
openvpnopenvpn2.0_test10
openvpnopenvpn2.0_test11
openvpnopenvpn2.0_test12
openvpnopenvpn2.0_test14
openvpnopenvpn2.0_test15
openvpnopenvpn2.0_test16
openvpnopenvpn2.0_test17
openvpnopenvpn2.0_test18
openvpnopenvpn2.0_test19
openvpnopenvpn2.0_test20
openvpnopenvpn2.0_test21
openvpnopenvpn2.0_test22
openvpnopenvpn2.0_test23
openvpnopenvpn2.0_test24
openvpnopenvpn2.0_test25
openvpnopenvpn2.0_test26
openvpnopenvpn2.0_test27
openvpnopenvpn2.0_test28
openvpnopenvpn2.0_test29
openvpnopenvpn2.1
openvpnopenvpn2.1.0
openvpnopenvpn2.1.1
openvpnopenvpn2.1.2
openvpnopenvpn2.1.3
openvpnopenvpn2.1.4
openvpnopenvpn2.2
openvpnopenvpn2.2.0
openvpnopenvpn2.2.1
openvpnopenvpn2.2.2
openvpnopenvpn2.3
openvpnopenvpn2.3.0
openvpnopenvpn2.3.1
openvpnopenvpn2.3.2
openvpnopenvpn2.3.3
openvpnopenvpn2.3.4
openvpnopenvpn2.3.5
openvpnopenvpn_access_server2.0.0
openvpnopenvpn_access_server2.0.1
openvpnopenvpn_access_server2.0.2
openvpnopenvpn_access_server2.0.3
openvpnopenvpn_access_server2.0.5
openvpnopenvpn_access_server2.0.6
openvpnopenvpn_access_server2.0.7
openvpnopenvpn_access_server2.0.8
openvpnopenvpn_access_server2.0.10

References

CWEs

CWE-399

Verify integrity in audit chain (admin only). AS-IS.