UBUNTU-CVE-2020-4067

See a problem?
Please try reporting it to the source first.
Source
https://ubuntu.com/security/CVE-2020-4067
Import Source
https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2020/UBUNTU-CVE-2020-4067.json
JSON Data
https://api.test.osv.dev/v1/vulns/UBUNTU-CVE-2020-4067
Related
Published
2020-06-29T20:15:00Z
Modified
2020-06-29T20:15:00Z
Severity
  • 7.5 (High) CVSS_V3 - CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N CVSS Calculator
Summary
[none]
Details

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.

References

Affected packages

Ubuntu:16.04:LTS / coturn

Package

Name
coturn
Purl
pkg:deb/ubuntu/coturn?arch=src?distro=xenial

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.0.3-1ubuntu0.3

Affected versions

4.*

4.4.5.4-2
4.5.0.2-3
4.5.0.3-1
4.5.0.3-1build1
4.5.0.3-1ubuntu0.2

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.5.0.3-1ubuntu0.3",
            "binary_name": "coturn"
        },
        {
            "binary_version": "4.5.0.3-1ubuntu0.3",
            "binary_name": "coturn-dbgsym"
        }
    ]
}

Ubuntu:18.04:LTS / coturn

Package

Name
coturn
Purl
pkg:deb/ubuntu/coturn?arch=src?distro=bionic

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.0.7-1ubuntu2.18.04.2

Affected versions

4.*

4.5.0.6-1ubuntu2
4.5.0.7-1ubuntu1
4.5.0.7-1ubuntu2
4.5.0.7-1ubuntu2.18.04.1

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.5.0.7-1ubuntu2.18.04.2",
            "binary_name": "coturn"
        },
        {
            "binary_version": "4.5.0.7-1ubuntu2.18.04.2",
            "binary_name": "coturn-dbgsym"
        }
    ]
}

Ubuntu:20.04:LTS / coturn

Package

Name
coturn
Purl
pkg:deb/ubuntu/coturn?arch=src?distro=focal

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
4.5.1.1-1.1ubuntu0.20.04.1

Affected versions

4.*

4.5.1.1-1.1build1
4.5.1.1-1.1build2

Ecosystem specific 

{
    "availability": "No subscription required",
    "ubuntu_priority": "medium",
    "binaries": [
        {
            "binary_version": "4.5.1.1-1.1ubuntu0.20.04.1",
            "binary_name": "coturn"
        },
        {
            "binary_version": "4.5.1.1-1.1ubuntu0.20.04.1",
            "binary_name": "coturn-dbgsym"
        }
    ]
}