|Title:||coturn < 18.104.22.168 Information Disclosure Vulnerability|
|Summary:||coturn is prone to an information disclosure vulnerability.|
coturn is prone to an information disclosure vulnerability.
In coturn there is an issue whereby STUN/TURN response buffer is not
initialized properly. There is a leak of information between different client connections. One client (an
attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding
bytes from the connection of another client.
coturn prior to version 22.214.171.124.
Update to version 126.96.36.199 or later.
Common Vulnerability Exposure (CVE) ID: CVE-2020-4067|
Debian Security Information: DSA-4711 (Google Search)
SuSE Security Announcement: openSUSE-SU-2020:0937 (Google Search)
|Copyright||Copyright (C) 2020 Greenbone Networks GmbH|
|This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.|
To run a free test of this vulnerability against your system, register below.