Felix Doerre

#33050 of 53,632
7.8 Total CVSS
Vulnerabilities · 1
PT-2020-3634
7.8
2020-06-29
Coturn · Coturn · CVE-2020-4067
**Name of the Vulnerable Software and Affected Versions**
coturn versions prior to 4.5.1.3

**Description**
The STUN/TURN response buffer is not initialized properly in coturn, which leaks information between different client connections. An attacker could exploit this to obtain confidential data from another client's connection by crafting queries to coturn so that the padding bytes of the response contain interesting data.

**Recommendations**
For versions prior to 4.5.1.3, update to version 4.5.1.3 to resolve the issue. As a temporary workaround, consider restricting access to the STUN/TURN functionality to minimize the risk of exploitation.