An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.
References
Link | Resource |
---|---|
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984 | Exploit Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/ | Mailing List Third Party Advisory |
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/ | Mailing List Third Party Advisory |
https://www.debian.org/security/2020/dsa-4711 | Third Party Advisory |
https://usn.ubuntu.com/4415-1/ | Third Party Advisory |
Configurations
Configuration 1 (hide)
|
Configuration 2 (hide)
|
Configuration 3 (hide)
|
Configuration 4 (hide)
|
Information
Published : 2020-02-19 11:15
Updated : 2022-06-07 09:51
NVD link : CVE-2020-6061
Mitre link : CVE-2020-6061
JSON object : View
CWE
CWE-125
Out-of-bounds Read
Products Affected
fedoraproject
- fedora
canonical
- ubuntu_linux
debian
- debian_linux
coturn_project
- coturn