PT-2020-3633 · Coturn+3
Aleksandar Nikolic · Published 2020-02-19 · Updated 2024-06-15 · CVE-2020-6061
CVSS v2.0: 10 (Critical)
Vector: AV:N/AC:L/Au:N/C:C/I:C/A:C
Name of the Vulnerable Software and Affected Versions
Coturn version 4.5.1.1
Description
The issue is related to an out-of-bounds operation in the Coturn web server, which can be exploited by a remote attacker to access confidential data, compromise its integrity, and cause a denial of service. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. The vulnerability can be triggered by sending an HTTPS request.
Recommendations
For Coturn version 4.5.1.1, consider restricting access to the web server until a patch is available. As a temporary workaround, avoid using the POST request functionality in the affected web server to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Exploit
Out of bounds Read
Memory Corruption
Related Identifiers
Affected Products
Alt Linux
Coturn
Linuxmint
Ubuntu