CVE-2019-14899, is Freedome affected on Android?
Comments
-
-
Hello @Anssi2
Please find below the update from backend team.
Looks like this might be a wider problem than any VPN protocol implementation as its explained in the openVPN article here (linked from https://nvd.nist.gov/vuln/detail/CVE-2019-14899) has:
It doesn't appear to be a flaw in the OpenVPN software, but a flaw in the configuration of the operating system itself. The issue is more in how the operating system deals with this type of attack in general, rather than anything going wrong in the VPN connection itselfAnd find some more information here (linked from https://nvd.nist.gov/vuln/detail/CVE-2019-14899) has:
We believe this issue not strictly tied to any specific VPN solution, the paper just used VPN as one potential attack vector. This issue goes deeper into how the network stack in the kernel works in general (related to the host model [1]) and could typically work against any network interface.So the case will need further analysis as there is no evidence suggesting there is flaw in the VPN software itself.