Advisory ROSA-SA-2026-3254

software: coturn 4.5.2 OS: ROSA-CHROME unaffected versions = coturn-4.5.2-6 affected versions coturn-4.5.2-6 CVE-ID: CVE-2026-27624 BDU-ID: None CVE-Crit: HIGH CVE-DESC.: A vulnerability in Coturn allows a remote attacker to bypass loopback and internal IP range locking denied-peer-ip option and...

Mageia: Security Advisory (MGASA-2026-0051)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Linux Distros Unpatched Vulnerability : CVE-2026-27624

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Coturn is a free open source implementation of TURN and STUN Server. Coturn is commonly configured to block loopback and internal ranges using denied-peer-ip...

CVE-2025-69217

A flaw was found in coturn. A remote attacker can exploit a predictable random number generator used for nonces and port randomization. By sending a series of unauthenticated requests, an attacker can reconstruct the random number generator's state, allowing them to predict future nonces and port...

UBUNTU-CVE-2025-69217

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

CVE-2025-69217 Coturn has unsafe nonce and relay port randomization due to weak random number generation.

coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RANDbytes but libc's random if it's not runni...

EUVD-2020-18850

Malware in sbrugna...

EUVD-2018-15845

Malware in sbrugna...

EUVD-2020-27216

Malware in sbrugna...

USN-4690-1: coTURN vulnerability

It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...

DEBIAN-CVE-2020-4067

In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client an attacker could use their connection to intelligently query coturn to get interesting bytes in the...

CoTURN Buffer Overflow Vulnerability

CoTURN is an open source implementation of TURN VoIP Media Services NAT Traversal Server and Gateway and STUN Simple Traversal Network Address Translator for User Datagram Protocol Server. A buffer overflow vulnerability exists in the way the Web server parses POST requests in CoTURN version...

CVE-2018-4059

An exploitable unsafe default configuration vulnerability exists in the TURN server function of coTURN prior to version 4.5.0.9. By default, the TURN server runs an unauthenticated telnet admin portal on the loopback interface. This can provide administrator access to the TURN server configuratio...

CVE-2018-4058

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that...

UBUNTU-CVE-2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator...