An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.
CPE | Name | Operator | Version |
---|---|---|---|
ubuntu_linux | eq | 18.04 | |
ubuntu_linux | eq | 19.10 | |
ubuntu_linux | eq | 20.04 | |
ubuntu_linux | eq | 16.04 | |
coturn | eq | 4.5.1.1 | |
debian_linux | eq | 9.0 | |
debian_linux | eq | 10.0 | |
fedora | eq | 30 | |
fedora | eq | 31 | |
fedora | eq | 32 |
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/
lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/
talosintelligence.com/vulnerability_reports/TALOS-2020-0985
usn.ubuntu.com/4415-1/
www.debian.org/security/2020/dsa-4711