DEBIAN-CVE-2020-4067

See a problem?
Please try reporting it to the source first.
Source
https://security-tracker.debian.org/tracker/CVE-2020-4067
Import Source
https://storage.googleapis.com/osv-test-debian-osv/debian-cve-osv/DEBIAN-CVE-2020-4067.json
JSON Data
https://api.test.osv.dev/v1/vulns/DEBIAN-CVE-2020-4067
Upstream
Published
2020-06-29T20:15:10.413Z
Modified
2025-11-14T03:08:08.748441Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

References

Affected packages

Debian:11 / coturn

Package

Name
coturn
Purl
pkg:deb/debian/coturn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:12 / coturn

Package

Name
coturn
Purl
pkg:deb/debian/coturn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:13 / coturn

Package

Name
coturn
Purl
pkg:deb/debian/coturn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}

Debian:14 / coturn

Package

Name
coturn
Purl
pkg:deb/debian/coturn?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1.3-1

Ecosystem specific 

{
    "urgency": "not yet assigned"
}