CVE-2020-4067
published 2020-06-29CVE-2020-4067: In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between…
PriorityP342high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EPSS
1.85%
76.4th percentile
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Affected
20 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| coturn | coturn | — | — |
| coturn_project | coturn | < 4.5.1.3 | 4.5.1.3 |
| coturn_project | coturn | >= 0 < 4.5.1.3-1 | 4.5.1.3-1 |
| coturn_project | coturn | >= 0 < 4.5.1.3-1 | 4.5.1.3-1 |
| coturn_project | coturn | >= 0 < 4.5.1.3-1 | 4.5.1.3-1 |
| coturn_project | coturn | >= 0 < 4.5.1.3-1 | 4.5.1.3-1 |
| coturn_project | coturn | >= 0 < 4.5.0.3-1ubuntu0.3 | 4.5.0.3-1ubuntu0.3 |
| coturn_project | coturn | >= 0 < 4.5.0.7-1ubuntu2.18.04.2 | 4.5.0.7-1ubuntu2.18.04.2 |
| coturn_project | coturn | >= 0 < 4.5.1.1-1.1ubuntu0.20.04.1 | 4.5.1.1-1.1ubuntu0.20.04.1 |
| debian | coturn | < coturn 4.5.1.3-1 (bookworm) | coturn 4.5.1.3-1 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| opensuse | leap | — | — |
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
osv7.5HIGH
vendor_debian7.0HIGH
vendor_ubuntu7.0HIGH
Stop checking back — get the weekly exploitation signal.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
OSV
coturn vulnerabilities
osv·2020-07-06·CVSS 7.5
CVE-2020-4067 [HIGH] coturn vulnerabilities
coturn vulnerabilities
Felix Dörre discovered that coTURN response buffer is not initialized properly.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2020-4067)
It was discovered that coTURN web server incorrectly handled HTTP POST requests.
An attacker could possibly use this issue to cause a denial of service, obtain
sensitive information or other unspecified impact.
(CVE-2020-6061, CVE-2020-6062)
OSV
CVE-2020-4067: In coturn before version 4
osv·2020-06-29·CVSS 7.5
CVE-2020-4067 [HIGH] CVE-2020-4067: In coturn before version 4
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Ubuntu
coTURN vulnerabilities
vendor_ubuntu·2020-07-06·CVSS 7.0
CVE-2020-6061 [HIGH] coTURN vulnerabilities
Title: coTURN vulnerabilities
Summary: Several security issues were fixed in coTURN.
Felix Dörre discovered that coTURN response buffer is not initialized properly.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2020-4067)
It was discovered that coTURN web server incorrectly handled HTTP POST requests.
An attacker could possibly use this issue to cause a denial of service, obtain
sensitive information or other unspecified impact.
(CVE-2020-6061, CVE-2020-6062)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-4067: coturn - In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response b...
vendor_debian·2020·CVSS 7.0
CVE-2020-4067 [HIGH] CVE-2020-4067: coturn - In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response b...
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Scope: local
bookworm: resolved (fixed in 4.5.1.3-1)
bullseye: resolved (fixed in 4.5.1.3-1)
forky: resolved (fixed in 4.5.1.3-1)
sid: resolved (fixed in 4.5.1.3-1)
trixie: resolved (fixed in 4.5.1.3-1)
No detection rules found.
No public exploits indexed.
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.htmlhttps://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15https://github.com/coturn/coturn/issues/583https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcmhttps://lists.debian.org/debian-lts-announce/2020/07/msg00002.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/https://usn.ubuntu.com/4415-1/https://www.debian.org/security/2020/dsa-4711http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.htmlhttps://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15https://github.com/coturn/coturn/issues/583https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcmhttps://lists.debian.org/debian-lts-announce/2020/07/msg00002.htmlhttps://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/https://usn.ubuntu.com/4415-1/https://www.debian.org/security/2020/dsa-4711
2020-06-29
Published