CVE-2020-6061

See a problem?
Please try reporting it to the source first.

Source

https://nvd.nist.gov/vuln/detail/CVE-2020-6061

Import Source

https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2020-6061.json

JSON Data

https://api.test.osv.dev/v1/vulns/CVE-2020-6061

Related

Published

2020-02-19T19:15:12Z

Modified

2024-10-12T06:37:26.156720Z

Severity

9.8 (Critical) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H CVSS Calculator

Summary

[none]

Details

An exploitable heap out-of-bounds read vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.

References

Affected packages

Debian:11 / coturn

Package

Name: coturn
Purl: pkg:deb/debian/coturn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1.1-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / coturn

Package

Name: coturn
Purl: pkg:deb/debian/coturn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1.1-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / coturn

Package

Name: coturn
Purl: pkg:deb/debian/coturn?arch=source

Affected ranges

Type: ECOSYSTEM
Events: Introduced

0Unknown introduced version / All previous versions are affected

Fixed

4.5.1.1-1.2

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/coturn/coturn

Affected ranges

Type: GIT
Repo: https://github.com/coturn/coturn
Events: Introduced

0 Unknown introduced commit / All previous commits are affected

Last affected

952c2f6e7e9430558f2c25909997bf611783a98c

Affected versions

4.*

4.4.5.3

4.4.5.4

4.5.0.1

4.5.0.2

4.5.0.3

4.5.0.4

4.5.0.5

4.5.0.6

4.5.0.7

4.5.0.8

4.5.1.0

4.5.1.1

upstream/4.*

upstream/4.0.0.0

upstream/4.0.0.1

upstream/4.0.0.2

upstream/4.0.1.2

upstream/4.0.1.3

upstream/4.1.0.1

upstream/4.1.0.2

upstream/4.1.1.1

upstream/4.1.2.1

upstream/4.2.1.2

upstream/4.2.2.2

upstream/4.2.3.1

upstream/4.3.1.1

upstream/4.3.1.2

upstream/4.3.1.3

upstream/4.3.2.1

upstream/4.3.2.2

upstream/4.3.3.1

upstream/4.4.1.1

upstream/4.4.1.2

upstream/4.4.2.1

upstream/4.4.2.2

upstream/4.4.2.3

upstream/4.4.4.1

upstream/4.4.4.2

upstream/4.4.5.1

upstream/4.4.5.2

upstream/4.4.5.3

upstream/4.4.5.4

upstream/4.5.0.1

upstream/4.5.0.2

upstream/4.5.0.3

upstream/4.5.0.4

upstream/4.5.0.5

upstream/4.5.0.6

upstream/4.5.0.7

upstream/4.5.0.8

upstream/4.5.1.0

upstream/4.5.1.1