Skip to main content

Mageia CVE-2014-8104

MEDIUM
Resource Management Errors (CWE-399)
2014-12-03 secalert@redhat.com
6.8
CVSS 2.0 · NVD
Share

Severity by source

NVD PRIMARY
6.8 MEDIUM
AV:N/AC:L/Au:S/C:N/I:N/A:C

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

AV:N/AC:L/Au:S/C:N/I:N/A:C
Attack Vector
Network
Attack Complexity
Low
Confidentiality
None
Integrity
None
Availability
C

Lifecycle Timeline

1
CVE Published
Dec 03, 2014 - 18:59 cve.org
MEDIUM 6.8

DescriptionCVE.org

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.

AnalysisAI

OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Rated medium severity (CVSS 6.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

Technical ContextAI

This vulnerability is classified under CWE-399. OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet. Affected products include: Mageia, Debian Debian Linux, Opensuse, Openvpn, Openvpn Openvpn Access Server. Version information: before 2.0.11.

RemediationAI

No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Apply vendor patches when available. Implement network segmentation and monitoring as interim mitigations.

More in Mageia

View all
CVE-2014-9274 HIGH POC
7.5 Dec 09

UnRTF allows remote attackers to cause a denial of service (crash) and possibly execute arbitrary code as demonstrated b

CVE-2014-5461 MEDIUM POC
5.0 Sep 04

Buffer overflow in the vararg functions in ldo.c in Lua 5.1 through 5.2.x before 5.2.3 allows context-dependent attacker

CVE-2014-9116 MEDIUM POC
5.0 Dec 02

The write_one_header function in mutt 1.5.23 does not properly handle newline characters at the beginning of a header, w

CVE-2014-7204 MEDIUM POC
5.0 Oct 07

jscript.c in Exuberant Ctags 5.8 allows remote attackers to cause a denial of service (infinite loop and CPU and disk co

CVE-2014-9087 HIGH
7.5 Dec 01

Integer underflow in the ksba_oid_to_str function in Libksba before 1.3.2, as used in GnuPG, allows remote attackers to

CVE-2014-8117 MEDIUM
5.0 Dec 17

softmagic.c in file before 5.21 does not properly limit recursion, which allows remote attackers to cause a denial of se

CVE-2014-8116 MEDIUM
5.0 Dec 17

The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or

CVE-2013-4159 HIGH
7.5 Aug 06

ctdb before 2.3 in OpenSUSE 12.3 and 13.1 does not create temporary files securely, which has unspecified impact related

CVE-2014-9037 MEDIUM
6.8 Nov 25

WordPress before 3.7.5, 3.8.x before 3.8.5, 3.9.x before 3.9.3, and 4.x before 4.0.1 might allow remote attackers to obt

CVE-2014-3429 MEDIUM
6.8 Aug 07

IPython Notebook 0.12 through 1.x before 1.2 does not validate the origin of websocket requests, which allows remote att

CVE-2015-2296 MEDIUM
6.8 Mar 18

The resolve_redirects function in sessions.py in requests 2.1.0 through 2.5.3 allows remote attackers to conduct session

CVE-2014-4668 MEDIUM
6.8 Jul 02

The cherokee_validator_ldap_check function in validator_ldap.c in Cherokee 1.2.103 and earlier, when LDAP is used, does

Share

CVE-2014-8104 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy