271 matches found
DLA-2522-1 coturn - security update
Bulletin has no description...
Debian: Security Advisory (DSA-4829-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
[ASA-202101-21] coturn: insufficient validation
Arch Linux Security Advisory ASA-202101-21 ========================================== Severity: High Date : 2021-01-12 CVE-ID : CVE-2020-26262 Package : coturn Type : insufficient validation Remote : Yes Link : https://security.archlinux.org/AVG-1430 Summary ======= The package coturn before...
Debian DSA-4829-1 : coturn - security update
A flaw was discovered in coturn, a TURN and STUN server for VoIP. By default coturn does not allow peers on the loopback addresses 127.x.x.x and ::1. A remote attacker can bypass the protection via a specially crafted request using a peer address of '0.0.0.0' and trick coturn in relaying to the...
Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS : coTURN vulnerability (USN-4690-1)
The remote Ubuntu 16.04 LTS / 18.04 LTS / 20.04 LTS host has a package installed that is affected by a vulnerability as referenced in the USN-4690-1 advisory. It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user...
USN-4690-1 coturn vulnerability
It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...
USN-4690-1: coTURN vulnerability
It was discovered that coTURN allowed peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. A malicious user could use this vulnerability to insert packages into the loopback interface...
Authorization Bypass
coturn is vulnerable to authorization bypass. An attacker is able to bypass validation to connect and relay packets to the loopback address...
[SECURITY] [DSA 4829-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...
[SECURITY] [DSA 4829-1] coturn security update
------------------------------------------------------------------------- Debian Security Advisory DSA-4829-1 [email protected] https://www.debian.org/security/ Salvatore Bonaccorso January 11, 2021 https://www.debian.org/security/faq -...
CVE-2020-26262
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
DSA-4829-1 coturn - security update
Bulletin has no description...
Coturn 4.5.1.x Access Control Bypass
Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn Security Advisory:...
Coturn 4.5.1.x Access Control Bypass Vulnerability
Coturn 4.5.1.x Access Control Bypass Vulnerability Loopback access control bypass in coturn by using 0.0.0.0, ::1 or :: as the peer address - Fixed version: 4.5.2 - Enable Security Advisory: https://github.com/EnableSecurity/advisories/tree/master/ES2021-01-coturn-access-control-bypass - Coturn...
UBUNTU-CVE-2020-26262
Coturn is free open source implementation of TURN and STUN Server. Coturn before version 4.5.2 by default does not allow peers to connect and relay packets to loopback addresses in the range of 127.x.x.x. However, it was observed that when sending a CONNECT request with the XOR-PEER-ADDRESS value...
PT-2020-5861
Name of the Vulnerable Software and Affected Versions: Coturn versions prior to 4.5.2 Description: The issue is related to incorrect input validation in Coturn, a free open source implementation of TURN and STUN Server. By sending a CONNECT request with the XOR-PEER-ADDRESS value of 0.0.0.0, a...
The vulnerability of the Coturn web server, related to the swapping of the zero pointer, allows attackers to trigger a service failure.
The vulnerability of the Coturn web server is related to the handling of the zero pointer. Exploiting this vulnerability could allow a malicious actor to cause service failures...
The vulnerability of the Coturn web server involves an operation that goes beyond the allowed buffer data limits. This allows attackers to access confidential data, compromise its integrity, and cause service failures.
The vulnerability of the Coturn web server is related to the execution of operations that exceed the allowable buffer data limits. Exploiting this vulnerability can allow an attacker to gain access to confidential data, compromise its integrity, and cause service failures...
The vulnerability of the STUN/TURN response buffer in the Coturn web server allows a attacker to access confidential data.
The vulnerability of the STUN/TURN response buffer in the Coturn web server is related to initialization errors. Exploiting this vulnerability can allow a malicious actor to gain access to confidential data...
Information Disclosure
coturn is vulnerable to information disclosure. The STUN/TURN response buffer is not initialized properly and causes a leak of information between different client connections. An attacker is able to use their connection to intelligently query coturn to get interesting bytes in the padding bytes...