Vulnerability   
Search   
    Search 187964 CVE descriptions
and 85075 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.144195
Category:General
Title:coturn < 4.5.1.3 Information Disclosure Vulnerability
Summary:coturn is prone to an information disclosure vulnerability.
Description:Summary:
coturn is prone to an information disclosure vulnerability.

Vulnerability Insight:
In coturn there is an issue whereby STUN/TURN response buffer is not
initialized properly. There is a leak of information between different client connections. One client (an
attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding
bytes from the connection of another client.

Affected Software/OS:
coturn prior to version 4.5.1.3.

Solution:
Update to version 4.5.1.3 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-4067
https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
Debian Security Information: DSA-4711 (Google Search)
https://www.debian.org/security/2020/dsa-4711
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/
https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15
https://github.com/coturn/coturn/issues/583
https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html
SuSE Security Announcement: openSUSE-SU-2020:0937 (Google Search)
http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html
https://usn.ubuntu.com/4415-1/
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 85075 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2020 E-Soft Inc. All rights reserved.