CVE-2023-48957: 
PureVPN vulnerability analysis and mitigation

CVE-2023-48957 affects PureVPN Linux client version 2.0.2-Productions. The vulnerability involves improper handling of DNS queries, which allows them to bypass the VPN tunnel and be sent directly to the ISP or default DNS servers (NVD). This vulnerability was discovered and disclosed in November 2023 by security researchers Rafay Baloch and Muhammad Samaak (Latest Hacking News, Rafay Baloch).

The vulnerability stems from the PureVPN Linux client's failure to properly handle DNS queries. When a user is connected to the VPN, DNS queries can bypass the VPN tunnel and be sent directly to the ISP or default DNS servers. This flaw was demonstrated using Ipleak.net, where the original IP address remained visible in DNS leak tests despite being connected to a VPN server (Rafay Baloch). The vulnerability has been assigned a CVSS v3.1 base score of 5.3 (Medium) with vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N (NVD).

The impact of this vulnerability is considered severe for a VPN service as it directly compromises user privacy. When exploited, it allows third parties, including ISPs, to view users' DNS queries and potentially track their browsing activity, effectively defeating the primary purpose of using a VPN for privacy (Latest Hacking News).

PureVPN has acknowledged and fixed the DNS leak vulnerability in a subsequent release after the disclosure (Latest Hacking News). Users should ensure they are running the latest version of the PureVPN Linux client to protect against this vulnerability.

Security researchers considered this vulnerability "as severe as an RCE" because it fails to serve the entire purpose of using a VPN. While PureVPN's response was noted as satisfactory, researchers expected a more aggressive response given that they are a security company where user privacy is their primary concern (Latest Hacking News).