CVE-2014-8104
openvpn - security update
EPSS 2.0%
Description
OpenVPN 2.x before 2.0.11, 2.1.x, 2.2.x before 2.2.3, and 2.3.x before 2.3.6 allows remote authenticated users to cause a denial of service (server crash) via a small control channel packet.
How to fix CVE-2014-8104
To remediate CVE-2014-8104, upgrade the affected package to a fixed version below.
- Debian/openvpn—upgrade to 2.3.4-5 or later
- Debian/openvpn—upgrade to 2.1.3-2+squeeze3 or later
- Debian/openvpn—upgrade to 2.2.1-8+deb7u3 or later
Is CVE-2014-8104 being exploited?
Low — EPSS is 2.0%, meaning exploitation activity has not been observed at scale.
Affected packages (3)
- Debian/openvpn: from 0, < 2.3.4-5
- Debian/openvpn: from 0, < 2.1.3-2+squeeze3
- Debian/openvpn: from 0, < 2.2.1-8+deb7u3