Risk | Medium |
Patch available | YES |
Number of vulnerabilities | 1 |
CVE-ID | CVE-2020-4067 |
CWE-ID | CWE-665 |
Exploitation vector | Network |
Public exploit | N/A |
Vulnerable software Subscribe |
coTURN Server applications / Other server solutions |
Vendor | coTURN |
Security Bulletin
This security bulletin contains one medium risk vulnerability.
EUVDB-ID: #VU30159
Risk: Medium
CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]
CVE-ID: CVE-2020-4067
CWE-ID:
CWE-665 - Improper Initialization
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
MitigationInstall update from vendor's website.
Vulnerable software versionscoTURN: 4.5.1.0 - 4.5.1.2
External linkshttp://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html
http://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15
http://github.com/coturn/coturn/issues/583
http://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
http://lists.debian.org/debian-lts-announce/2020/07/msg00002.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/
http://usn.ubuntu.com/4415-1/
http://www.debian.org/security/2020/dsa-4711
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.