Coturn
CVE-2020-6061
CRITICAL
Severity by source
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Lifecycle Timeline
1DescriptionNVD
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
AnalysisAI
An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated critical severity (CVSS 9.8), this vulnerability is remotely exploitable, no authentication required, low attack complexity. Public exploit code available and no vendor patch available.
Technical ContextAI
This vulnerability is classified as Out-of-bounds Read (CWE-125), which allows attackers to read data from memory outside the intended buffer boundaries. An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability. Affected products include: Coturn Project Coturn, Fedoraproject Fedora, Debian Debian Linux, Canonical Ubuntu Linux.
RemediationAI
No vendor patch is available at time of analysis. Monitor vendor advisories for updates. Validate array indices and buffer lengths. Use memory-safe languages. Enable AddressSanitizer during testing.
An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. Rated h
Coturn TURN/STUN server contains an access control bypass that allows remote attackers to reach blocked internal address
Stack buffer overflow in Coturn's OAuth token decoder (decode_oauth_token_gcm()) lets remote unauthenticated attackers c
Remote denial of service in Coturn TURN/STUN server allows unauthenticated attackers to crash ARM64 deployments with a s
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. Rated
Server-side request forgery in coturn TURN/STUN server before 4.13.0 lets an authenticated TURN client bypass the defaul
SQL injection in the Coturn TURN/STUN server's HTTPS admin panel (versions prior to 4.12.0) allows an authenticated admi
Arbitrary file overwrite in Coturn prior to 4.13.0 is possible through the CLI management interface's `psd` (print sessi
Stored XSS in Coturn's web-admin HTTPS interface (all versions prior to 4.11.0) allows a TURN-level attacker to inject p
Same weakness CWE-125 – Out-of-bounds Read
View allSame technique Buffer Overflow
View allShare
External POC / Exploit Code
Leaving vuln.today