OpenVPN - CVE 2019–14899

Not relevant for the VPN implementation on a Turris device itself unless an adversary (adjacent attacker) is in control of the router as outlined [1]

Nonetheless, the vulnerability could potentially be leveraged by an ISP a/o state actor on the WAN side.

Mitigation measures being discussed on the WG mailing list [2]


[1] https://seclists.org/oss-sec/2019/q4/122
[2] https://lists.zx2c4.com/pipermail/wireguard/2019-December/thread.html