CVE-2019-14899, is Freedome affected on Android?

CVE-2019-14899 is a vulnerability affecting VPNs on Unix-like operating systems, including Android. Is Freedome affected and is there any workaround for Freedome?

Best Answer

  • SethuSethu Posts: 638 Moderator
    Accepted Answer

    Hello @Anssi2 

     

    Please find below the update from backend team.

     

    Looks like this might be a wider problem than any VPN protocol implementation as its explained in the openVPN article here (linked from https://nvd.nist.gov/vuln/detail/CVE-2019-14899) has:


    It doesn't appear to be a flaw in the OpenVPN software, but a flaw in the configuration of the operating system itself. The issue is more in how the operating system deals with this type of attack in general, rather than anything going wrong in the VPN connection itself

     

    And find some more information here (linked from https://nvd.nist.gov/vuln/detail/CVE-2019-14899) has:


    We believe this issue not strictly tied to any specific VPN solution, the paper just used VPN as one potential attack vector. This issue goes deeper into how the network stack in the kernel works in general (related to the host model [1]) and could typically work against any network interface.

     

    So the case will need further analysis as there is no evidence suggesting there is flaw in the  VPN software itself.

    Jaims

Comments

This discussion has been closed.