CVE-2019-14899, is Freedome affected on Android?

Anssi2

CVE-2019-14899 is a vulnerability affecting VPNs on Unix-like operating systems, including Android. Is Freedome affected and is there any workaround for Freedome?

[Deleted User]

Hello @Anssi2 

 

I will check this with our backend team and update here soon.

[Deleted User]

Hello @Anssi2 

 

Please find below the update from backend team.

 

Looks like this might be a wider problem than any VPN protocol implementation as its explained in the openVPN article here (linked from https://nvd.nist.gov/vuln/detail/CVE-2019-14899) has:

It doesn't appear to be a flaw in the OpenVPN software, but a flaw in the configuration of the operating system itself. The issue is more in how the operating system deals with this type of attack in general, rather than anything going wrong in the VPN connection itself

 

And find some more information here (linked from https://nvd.nist.gov/vuln/detail/CVE-2019-14899) has:

We believe this issue not strictly tied to any specific VPN solution, the paper just used VPN as one potential attack vector. This issue goes deeper into how the network stack in the kernel works in general (related to the host model [1]) and could typically work against any network interface.

 

So the case will need further analysis as there is no evidence suggesting there is flaw in the  VPN software itself.