Heap Out-of-Bounds Read in CoTURN Web Server
CVE-2020-6061
7 HIGH
What is CVE-2020-6061?
A heap out-of-bounds read vulnerability exists in the web server of CoTURN version 4.5.1.1. The server improperly parses specially crafted HTTP POST requests, which can lead to potential information leaks and irregular server behavior. An attacker can trigger the vulnerability by sending a malicious HTTPS request, so users should apply security patches and updates to mitigate the risk.
Affected Version(s)
CoTURN CoTURN 4.5.1.1
CVSS V3.1
Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
CVSS V3.0
Score: 7
Severity: HIGH
Confidentiality: Low
Integrity: Low
Availability: Low
Attack Vector: Network
Attack Complexity: High
Privileges Required: None
User Interaction: None
Scope: Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
