Lucene search

K

Veracode Vulnerability DatabaseVERACODE:26144

HistoryAug 06, 2020 - 9:33 p.m.

Information Disclosure

2020-08-0621:33:18

Veracode Vulnerability Database

sca.analysiscenter.veracode.com

13

coturn

software vulnerability

stun/turn

information disclosure

buffer leak

attacker

client connections

EPSS

0.006

Percentile

79.3%

coturn is vulnerable to information disclosure. The STUN/TURN response buffer is not initialized properly and causes a leak of information between different client connections. An attacker is able to use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client.

References

lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html

github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15

github.com/coturn/coturn/issues/583

github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm

lists.debian.org/debian-lts-announce/2020/07/msg00002.html

lists.fedoraproject.org/archives/list/[email protected]/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/

lists.fedoraproject.org/archives/list/[email protected]/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/

usn.ubuntu.com/4415-1/

www.debian.org/security/2020/dsa-4711

EPSS

0.006

Percentile

79.3%

Related for VERACODE:26144

osv4 openvas8 fedora2 nessus7 ubuntucve1 nvd1 freebsd1 mageia1 suse1 prion1 alpinelinux1 debiancve1 debian3 cvelist1 cve1 ubuntu1