medium
6.8
CWE
399
Advisory Published
Updated

CVE-2014-8104

First published: Wed Dec 03 2014(Updated: )

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

Credit: secalert@redhat.com

Affected SoftwareAffected VersionHow to fix
Mageia=4.0
Debian Linux=7.0
Debian Linux=8.0
openSUSE=12.3
openSUSE=13.1
openSUSE=13.2
OpenVPN Monitor=2.0.1_rc1
OpenVPN Monitor=2.0.1_rc2
OpenVPN Monitor=2.0.1_rc3
OpenVPN Monitor=2.0.1_rc4
OpenVPN Monitor=2.0.1_rc5
OpenVPN Monitor=2.0.1_rc6
OpenVPN Monitor=2.0.1_rc7
OpenVPN Monitor=2.0.2_rc1
OpenVPN Monitor=2.0.3_rc1
OpenVPN Monitor=2.0.4
OpenVPN Monitor=2.0.6_rc1
OpenVPN Monitor=2.0.9
OpenVPN Monitor=2.0_rc1
OpenVPN Monitor=2.0_rc2
OpenVPN Monitor=2.0_rc3
OpenVPN Monitor=2.0_rc4
OpenVPN Monitor=2.0_rc5
OpenVPN Monitor=2.0_rc6
OpenVPN Monitor=2.0_rc7
OpenVPN Monitor=2.0_rc8
OpenVPN Monitor=2.0_rc9
OpenVPN Monitor=2.0_rc10
OpenVPN Monitor=2.0_rc11
OpenVPN Monitor=2.0_rc12
OpenVPN Monitor=2.0_rc13
OpenVPN Monitor=2.0_rc14
OpenVPN Monitor=2.0_rc15
OpenVPN Monitor=2.0_rc16
OpenVPN Monitor=2.0_rc17
OpenVPN Monitor=2.0_rc18
OpenVPN Monitor=2.0_rc19
OpenVPN Monitor=2.0_rc20
OpenVPN Monitor=2.0_rc21
OpenVPN Monitor=2.0_test1
OpenVPN Monitor=2.0_test2
OpenVPN Monitor=2.0_test3
OpenVPN Monitor=2.0_test4
OpenVPN Monitor=2.0_test5
OpenVPN Monitor=2.0_test6
OpenVPN Monitor=2.0_test7
OpenVPN Monitor=2.0_test8
OpenVPN Monitor=2.0_test9
OpenVPN Monitor=2.0_test10
OpenVPN Monitor=2.0_test11
OpenVPN Monitor=2.0_test12
OpenVPN Monitor=2.0_test14
OpenVPN Monitor=2.0_test15
OpenVPN Monitor=2.0_test16
OpenVPN Monitor=2.0_test17
OpenVPN Monitor=2.0_test18
OpenVPN Monitor=2.0_test19
OpenVPN Monitor=2.0_test20
OpenVPN Monitor=2.0_test21
OpenVPN Monitor=2.0_test22
OpenVPN Monitor=2.0_test23
OpenVPN Monitor=2.0_test24
OpenVPN Monitor=2.0_test25
OpenVPN Monitor=2.0_test26
OpenVPN Monitor=2.0_test27
OpenVPN Monitor=2.0_test28
OpenVPN Monitor=2.0_test29
OpenVPN Monitor=2.1-beta-1
OpenVPN Monitor=2.1-beta-10
OpenVPN Monitor=2.1-beta-11
OpenVPN Monitor=2.1-beta-12
OpenVPN Monitor=2.1-beta-13
OpenVPN Monitor=2.1-beta-14
OpenVPN Monitor=2.1-beta-15
OpenVPN Monitor=2.1-beta-16
OpenVPN Monitor=2.1-beta-2
OpenVPN Monitor=2.1-beta-3
OpenVPN Monitor=2.1-beta-4
OpenVPN Monitor=2.1-beta-5
OpenVPN Monitor=2.1-beta-6
OpenVPN Monitor=2.1-beta-7
OpenVPN Monitor=2.1-beta-8
OpenVPN Monitor=2.1-beta-9
OpenVPN Monitor=2.1-rc_1
OpenVPN Monitor=2.1-rc_10
OpenVPN Monitor=2.1-rc_11
OpenVPN Monitor=2.1-rc_12
OpenVPN Monitor=2.1-rc_13
OpenVPN Monitor=2.1-rc_14
OpenVPN Monitor=2.1-rc_15
OpenVPN Monitor=2.1-rc_16
OpenVPN Monitor=2.1-rc_17
OpenVPN Monitor=2.1-rc_18
OpenVPN Monitor=2.1-rc_19
OpenVPN Monitor=2.1-rc_2
OpenVPN Monitor=2.1-rc_20
OpenVPN Monitor=2.1-rc_21
OpenVPN Monitor=2.1-rc_22
OpenVPN Monitor=2.1-rc_3
OpenVPN Monitor=2.1-rc_4
OpenVPN Monitor=2.1-rc_5
OpenVPN Monitor=2.1-rc_6
OpenVPN Monitor=2.1-rc_7
OpenVPN Monitor=2.1-rc_8
OpenVPN Monitor=2.1-rc_9
OpenVPN Monitor=2.1.0
OpenVPN Monitor=2.1.1
OpenVPN Monitor=2.1.2
OpenVPN Monitor=2.1.3
OpenVPN Monitor=2.1.4
OpenVPN Monitor=2.2-beta1
OpenVPN Monitor=2.2-beta2
OpenVPN Monitor=2.2-beta3
OpenVPN Monitor=2.2-beta4
OpenVPN Monitor=2.2-beta5
OpenVPN Monitor=2.2.0
OpenVPN Monitor=2.2.1
OpenVPN Monitor=2.2.2
OpenVPN Monitor=2.3-alpha1
OpenVPN Monitor=2.3-alpha2
OpenVPN Monitor=2.3-alpha3
OpenVPN Monitor=2.3-beta1
OpenVPN Monitor=2.3-rc1
OpenVPN Monitor=2.3-rc2
OpenVPN Monitor=2.3.0
OpenVPN Monitor=2.3.1
OpenVPN Monitor=2.3.2
OpenVPN Monitor=2.3.3
OpenVPN Monitor=2.3.4
OpenVPN Monitor=2.3.5
OpenVPN Access Server=2.0.0
OpenVPN Access Server=2.0.1
OpenVPN Access Server=2.0.2
OpenVPN Access Server=2.0.3
OpenVPN Access Server=2.0.5
OpenVPN Access Server=2.0.6
OpenVPN Access Server=2.0.7
OpenVPN Access Server=2.0.8
OpenVPN Access Server=2.0.10
Ubuntu=12.04
Ubuntu=14.04
Ubuntu=14.10

Never miss a vulnerability like this again

Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.

Read MoreStart Free Trial

Reference Links

Frequently Asked Questions

  • What is the severity of CVE-2014-8104?

    CVE-2014-8104 has been rated as a medium severity vulnerability due to its potential to cause denial of service by crashing OpenVPN servers.

  • How do I fix CVE-2014-8104?

    To mitigate CVE-2014-8104, upgrade OpenVPN to version 2.0.11 or later, 2.2.3 or later, or 2.3.6 or later.

  • What does CVE-2014-8104 exploit?

    CVE-2014-8104 exploits a vulnerability in OpenVPN’s handling of small control channel packets to crash the server.

  • Which versions of OpenVPN are affected by CVE-2014-8104?

    CVE-2014-8104 affects OpenVPN versions prior to 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6.

  • Can CVE-2014-8104 be exploited remotely?

    Yes, CVE-2014-8104 can be exploited by remote authenticated users, allowing them to crash the OpenVPN server.

Company

Resources

Contact

SecAlerts Pty Ltd.
132 Wickham Terrace
Fortitude Valley,
QLD 4006, Australia
info@secalerts.co
By using SecAlerts services, you agree to our services end-user license agreement. This website is safeguarded by reCAPTCHA and governed by the Google Privacy Policy and Terms of Service. All names, logos, and brands of products are owned by their respective owners, and any usage of these names, logos, and brands for identification purposes only does not imply endorsement. If you possess any content that requires removal, please get in touch with us.
© 2025 SecAlerts Pty Ltd.
ABN: 70 645 966 203, ACN: 645 966 203