CVE-2020-6061
Published 2020-02-19
Priority: P3 54 · critical 9.8 (CVSS 3.1)
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS: 4.99% (91.1th percentile)
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
Affected
19 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| canonical | ubuntu_linux | — | — |
| coturn_project | coturn | — | — |
| coturn_project | coturn | — | — |
| coturn_project | coturn | >= 0 < 4.5.1.1-1.2 | 4.5.1.1-1.2 |
| coturn_project | coturn | >= 0 < 4.5.1.1-1.2 | 4.5.1.1-1.2 |
| coturn_project | coturn | >= 0 < 4.5.1.1-1.2 | 4.5.1.1-1.2 |
| coturn_project | coturn | >= 0 < 4.5.1.1-1.2 | 4.5.1.1-1.2 |
| coturn_project | coturn | >= 0 < 4.5.0.3-1ubuntu0.3 | 4.5.0.3-1ubuntu0.3 |
| coturn_project | coturn | >= 0 < 4.5.0.7-1ubuntu2.18.04.2 | 4.5.0.7-1ubuntu2.18.04.2 |
| coturn_project | coturn | >= 0 < 4.5.1.1-1.1ubuntu0.20.04.1 | 4.5.1.1-1.1ubuntu0.20.04.1 |
| debian | coturn | < coturn 4.5.1.1-1.2 (bookworm) | coturn 4.5.1.1-1.2 (bookworm) |
| debian | debian_linux | — | — |
| debian | debian_linux | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
| fedoraproject | fedora | — | — |
CVSS provenance
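| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 9.8 | CRITICAL | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
| nvd | v3.0 | 7.0 | HIGH | CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:U/C:L/I:L/A:H |
| nvd | v2.0 | 7.5 | HIGH | AV:N/AC:L/Au:N/C:P/I:P/A:P |
| osv | — | 9.8 | CRITICAL | — |
| vendor_debian | — | 9.8 | CRITICAL | — |
| vendor_ubuntu | — | 7.0 | HIGH | — |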
GHSA
GHSA-9vj8-fr5m-q39w: An exploitable heap overflow vulnerability exists in the way CoTURN 4
ghsa_unreviewed·2022-05-24
CVE-2020-6061 [HIGH] CWE-125 GHSA-9vj8-fr5m-q39w: An exploitable heap overflow vulnerability exists in the way CoTURN 4
An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
OSV
coturn vulnerabilities
osv·2020-07-06·CVSS 7.5
CVE-2020-4067 [HIGH] coturn vulnerabilities
Felix Dörre discovered that coTURN response buffer is not initialized properly.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2020-4067)
It was discovered that coTURN web server incorrectly handled HTTP POST requests.
An attacker could possibly use this issue to cause a denial of service, obtain
sensitive information or other unspecified impact.
(CVE-2020-6061, CVE-2020-6062)
OSV
CVE-2020-6061: An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4
osv·2020-02-19·CVSS 9.8
CVE-2020-6061 [CRITICAL] CVE-2020-6061: An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
Ubuntu
coTURN vulnerabilities
vendor_ubuntu·2020-07-06·CVSS 7.0
CVE-2020-6061 [HIGH] coTURN vulnerabilities
Title: coTURN vulnerabilities
Summary: Several security issues were fixed in coTURN.
Felix Dörre discovered that coTURN response buffer is not initialized properly.
An attacker could possibly use this issue to obtain sensitive information.
(CVE-2020-4067)
It was discovered that coTURN web server incorrectly handled HTTP POST requests.
An attacker could possibly use this issue to cause a denial of service, obtain
sensitive information or other unspecified impact.
(CVE-2020-6061, CVE-2020-6062)
Instructions: In general, a standard system update will make all the necessary changes.
Debian
CVE-2020-6061: coturn - An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4....
vendor_debian·2020·CVSS 9.8
CVE-2020-6061 [CRITICAL] CVE-2020-6061: coturn - An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4....
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
Scope: local
bookworm: resolved (fixed in 4.5.1.1-1.2)
bullseye: resolved (fixed in 4.5.1.1-1.2)
forky: resolved (fixed in 4.5.1.1-1.2)
sid: resolved (fixed in 4.5.1.1-1.2)
trixie: resolved (fixed in 4.5.1.1-1.2)
No detection rules found.
No public exploits indexed.
Talos
Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN
blogs_talos·2020-02-18·CVSS 9.8
[CRITICAL] Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN
## Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN
Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.
CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general-purpose network traffic TURN server and gateway. The software includes a web server for administration purposes, which is where these two vulnerabilities exist.
In accordance with our coordinated disclosure policy, Cisco Talos worked with CoTURN to ensure that these issues are resolved and that an update is available for affected customers. CoTURN notified Talos that these vulnerabilities were also discovered by Quarkslab.
### Vulnerability details
CoTURN HTTP Server POST-parsing memory corruption vulnerability (TALO
Bugzilla
CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak [fedora-all]
bugzilla·2020-03-23·CVSS 9.8
CVE-2020-6061 [CRITICAL] CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak [fedora-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of fedora-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit messag
Bugzilla
CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak
bugzilla·2020-03-23·CVSS 9.8
CVE-2020-6061 [CRITICAL] CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak
An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior.
External Reference:
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
Discussion:
Created coturn tracking bugs for this issue:
Affects: epel-all [bug 1816161]
Affects: fedora-all [bug 1816160]
---
This CVE Bugzilla entry is for community support informational purposes only as it does not affect a package in a commercially supported Red Hat product. Refer to the dependent bugs for status of those individual community products.
Bugzilla
CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak [epel-all]
bugzilla·2020-03-23·CVSS 9.8
CVE-2020-6061 [CRITICAL] CVE-2020-6061 coturn: specially crafted HTTP POST request can lead to heap overflow which can result in information leak [epel-all]
This is an automatically created tracking bug! It was created to ensure
that one or more security vulnerabilities are fixed in affected versions
of epel-all.
For comments that are specific to the vulnerability please use bugs filed
against the "Security Response" product referenced in the "Blocks" field.
For more information see:
http://fedoraproject.org/wiki/Security/TrackingBugs
When submitting as an update, use the fedpkg template provided in the next
comment(s). This will include the bug IDs of this tracking bug as well as
the relevant top-level CVE bugs.
Please also mention the CVE IDs being fixed in the RPM changelog and the
fedpkg commit message.
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/
https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
https://usn.ubuntu.com/4415-1/
https://www.debian.org/security/2020/dsa-4711